1
/* DO NOT EDIT
2
  This file was automatically generated by Pidl
3
  from eventlog.idl and eventlog.cnf.
4
5
  Pidl is a perl based IDL compiler for DCE/RPC idl files.
6
  It is maintained by the Samba team, not the Wireshark team.
7
  Instructions on how to download and install Pidl can be
8
  found at https://wiki.wireshark.org/Pidl
9
*/
10
11
12
#include "config.h"
13
#include <string.h>
14
#include <wsutil/array.h>
15
#include <epan/packet.h>
16
#include <epan/tfs.h>
17
18
#include "packet-dcerpc.h"
19
#include "packet-dcerpc-nt.h"
20
#include "packet-windows-common.h"
21
#include "packet-dcerpc-eventlog.h"
22
void proto_register_dcerpc_eventlog(void);
23
void proto_reg_handoff_dcerpc_eventlog(void);
24
25
/* Ett declarations */
26
static int ett_dcerpc_eventlog;
27
static int ett_eventlog_eventlogReadFlags;
28
static int ett_eventlog_eventlogEventTypes;
29
static int ett_eventlog_eventlog_OpenUnknown0;
30
static int ett_eventlog_eventlog_Record;
31
static int ett_eventlog_eventlog_ChangeUnknown0;
32
33
34
/* Header field declarations */
35
static int hf_eventlog_Record;
36
static int hf_eventlog_Record_computer_name;
37
static int hf_eventlog_Record_length;
38
static int hf_eventlog_Record_source_name;
39
static int hf_eventlog_Record_string;
40
static int hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE;
41
static int hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS;
42
static int hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE;
43
static int hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE;
44
static int hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE;
45
static int hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ;
46
static int hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ;
47
static int hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ;
48
static int hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ;
49
static int hf_eventlog_eventlog_BackupEventLogW_backupfilename;
50
static int hf_eventlog_eventlog_BackupEventLogW_handle;
51
static int hf_eventlog_eventlog_ChangeNotify_handle;
52
static int hf_eventlog_eventlog_ChangeNotify_unknown2;
53
static int hf_eventlog_eventlog_ChangeNotify_unknown3;
54
static int hf_eventlog_eventlog_ChangeUnknown0_unknown0;
55
static int hf_eventlog_eventlog_ChangeUnknown0_unknown1;
56
static int hf_eventlog_eventlog_ClearEventLogW_backupfilename;
57
static int hf_eventlog_eventlog_ClearEventLogW_handle;
58
static int hf_eventlog_eventlog_CloseEventLog_handle;
59
static int hf_eventlog_eventlog_DeregisterEventSource_handle;
60
static int hf_eventlog_eventlog_FlushEventLog_handle;
61
static int hf_eventlog_eventlog_GetLogInformation_cbBufSize;
62
static int hf_eventlog_eventlog_GetLogInformation_cbBytesNeeded;
63
static int hf_eventlog_eventlog_GetLogInformation_dwInfoLevel;
64
static int hf_eventlog_eventlog_GetLogInformation_handle;
65
static int hf_eventlog_eventlog_GetLogInformation_lpBuffer;
66
static int hf_eventlog_eventlog_GetNumRecords_handle;
67
static int hf_eventlog_eventlog_GetNumRecords_number;
68
static int hf_eventlog_eventlog_GetOldestRecord_handle;
69
static int hf_eventlog_eventlog_GetOldestRecord_oldest;
70
static int hf_eventlog_eventlog_OpenBackupEventLogW_handle;
71
static int hf_eventlog_eventlog_OpenBackupEventLogW_logname;
72
static int hf_eventlog_eventlog_OpenBackupEventLogW_unknown0;
73
static int hf_eventlog_eventlog_OpenBackupEventLogW_unknown2;
74
static int hf_eventlog_eventlog_OpenBackupEventLogW_unknown3;
75
static int hf_eventlog_eventlog_OpenEventLogW_MajorVersion;
76
static int hf_eventlog_eventlog_OpenEventLogW_MinorVersion;
77
static int hf_eventlog_eventlog_OpenEventLogW_Module;
78
static int hf_eventlog_eventlog_OpenEventLogW_RegModuleName;
79
static int hf_eventlog_eventlog_OpenEventLogW_handle;
80
static int hf_eventlog_eventlog_OpenEventLogW_unknown0;
81
static int hf_eventlog_eventlog_OpenUnknown0_unknown0;
82
static int hf_eventlog_eventlog_OpenUnknown0_unknown1;
83
static int hf_eventlog_eventlog_ReadEventLogW_data;
84
static int hf_eventlog_eventlog_ReadEventLogW_flags;
85
static int hf_eventlog_eventlog_ReadEventLogW_handle;
86
static int hf_eventlog_eventlog_ReadEventLogW_number_of_bytes;
87
static int hf_eventlog_eventlog_ReadEventLogW_offset;
88
static int hf_eventlog_eventlog_ReadEventLogW_real_size;
89
static int hf_eventlog_eventlog_ReadEventLogW_sent_size;
90
static int hf_eventlog_eventlog_Record_closing_record_number;
91
static int hf_eventlog_eventlog_Record_computer_name;
92
static int hf_eventlog_eventlog_Record_data_length;
93
static int hf_eventlog_eventlog_Record_data_offset;
94
static int hf_eventlog_eventlog_Record_event_category;
95
static int hf_eventlog_eventlog_Record_event_id;
96
static int hf_eventlog_eventlog_Record_event_type;
97
static int hf_eventlog_eventlog_Record_num_of_strings;
98
static int hf_eventlog_eventlog_Record_raw_data;
99
static int hf_eventlog_eventlog_Record_record_number;
100
static int hf_eventlog_eventlog_Record_reserved;
101
static int hf_eventlog_eventlog_Record_reserved_flags;
102
static int hf_eventlog_eventlog_Record_sid_length;
103
static int hf_eventlog_eventlog_Record_sid_offset;
104
static int hf_eventlog_eventlog_Record_size;
105
static int hf_eventlog_eventlog_Record_source_name;
106
static int hf_eventlog_eventlog_Record_stringoffset;
107
static int hf_eventlog_eventlog_Record_strings;
108
static int hf_eventlog_eventlog_Record_time_generated;
109
static int hf_eventlog_eventlog_Record_time_written;
110
static int hf_eventlog_eventlog_RegisterEventSourceW_handle;
111
static int hf_eventlog_eventlog_RegisterEventSourceW_logname;
112
static int hf_eventlog_eventlog_RegisterEventSourceW_servername;
113
static int hf_eventlog_eventlog_RegisterEventSourceW_unknown0;
114
static int hf_eventlog_eventlog_RegisterEventSourceW_unknown2;
115
static int hf_eventlog_eventlog_RegisterEventSourceW_unknown3;
116
static int hf_eventlog_eventlog_ReportEventW_Type;
117
static int hf_eventlog_eventlog_ReportEventW_computer_name;
118
static int hf_eventlog_eventlog_ReportEventW_data_length;
119
static int hf_eventlog_eventlog_ReportEventW_event_category;
120
static int hf_eventlog_eventlog_ReportEventW_event_id;
121
static int hf_eventlog_eventlog_ReportEventW_handle;
122
static int hf_eventlog_eventlog_ReportEventW_num_of_strings;
123
static int hf_eventlog_eventlog_ReportEventW_time;
124
static int hf_eventlog_opnum;
125
static int hf_eventlog_status;
126
127
static int proto_dcerpc_eventlog;
128
/* Version information */
129
130
131
static e_guid_t uuid_dcerpc_eventlog = {
132
  0x82273fdc, 0xe32a, 0x18c3,
133
  { 0x3f, 0x78, 0x82, 0x79, 0x29, 0xdc, 0x23, 0xea }
134
};
135
static uint16_t ver_dcerpc_eventlog = 0;
136
137
static const true_false_string eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs = {
138
   "EVENTLOG_SEQUENTIAL_READ is SET",
139
   "EVENTLOG_SEQUENTIAL_READ is NOT SET",
140
};
141
static const true_false_string eventlogReadFlags_EVENTLOG_SEEK_READ_tfs = {
142
   "EVENTLOG_SEEK_READ is SET",
143
   "EVENTLOG_SEEK_READ is NOT SET",
144
};
145
static const true_false_string eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs = {
146
   "EVENTLOG_FORWARDS_READ is SET",
147
   "EVENTLOG_FORWARDS_READ is NOT SET",
148
};
149
static const true_false_string eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs = {
150
   "EVENTLOG_BACKWARDS_READ is SET",
151
   "EVENTLOG_BACKWARDS_READ is NOT SET",
152
};
153
static const true_false_string eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs = {
154
   "EVENTLOG_ERROR_TYPE is SET",
155
   "EVENTLOG_ERROR_TYPE is NOT SET",
156
};
157
static const true_false_string eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs = {
158
   "EVENTLOG_WARNING_TYPE is SET",
159
   "EVENTLOG_WARNING_TYPE is NOT SET",
160
};
161
static const true_false_string eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs = {
162
   "EVENTLOG_INFORMATION_TYPE is SET",
163
   "EVENTLOG_INFORMATION_TYPE is NOT SET",
164
};
165
static const true_false_string eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs = {
166
   "EVENTLOG_AUDIT_SUCCESS is SET",
167
   "EVENTLOG_AUDIT_SUCCESS is NOT SET",
168
};
169
static const true_false_string eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs = {
170
   "EVENTLOG_AUDIT_FAILURE is SET",
171
   "EVENTLOG_AUDIT_FAILURE is NOT SET",
172
};
173
static int eventlog_dissect_element_OpenUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
174
static int eventlog_dissect_element_OpenUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
175
static int eventlog_dissect_element_Record_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
176
static int eventlog_dissect_element_Record_reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
177
static int eventlog_dissect_element_Record_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
178
static int eventlog_dissect_element_Record_time_generated(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
179
static int eventlog_dissect_element_Record_time_written(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
180
static int eventlog_dissect_element_Record_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
181
static int eventlog_dissect_element_Record_event_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
182
static int eventlog_dissect_element_Record_num_of_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
183
static int eventlog_dissect_element_Record_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
184
static int eventlog_dissect_element_Record_reserved_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
185
static int eventlog_dissect_element_Record_closing_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
186
static int eventlog_dissect_element_Record_stringoffset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
187
static int eventlog_dissect_element_Record_sid_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
188
static int eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
189
static int eventlog_dissect_element_Record_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
190
static int eventlog_dissect_element_Record_data_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
191
static int eventlog_dissect_element_Record_source_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
192
static int eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
193
static int eventlog_dissect_element_Record_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
194
static int eventlog_dissect_element_Record_raw_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
195
static int eventlog_dissect_element_ChangeUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
196
static int eventlog_dissect_element_ChangeUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
197
static int eventlog_dissect_element_ClearEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
198
static int eventlog_dissect_element_ClearEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
199
static int eventlog_dissect_element_ClearEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
200
static int eventlog_dissect_element_ClearEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
201
static int eventlog_dissect_element_BackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
202
static int eventlog_dissect_element_BackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
203
static int eventlog_dissect_element_BackupEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
204
static int eventlog_dissect_element_BackupEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
205
static int eventlog_dissect_element_CloseEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
206
static int eventlog_dissect_element_CloseEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
207
static int eventlog_dissect_element_DeregisterEventSource_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
208
static int eventlog_dissect_element_DeregisterEventSource_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
209
static int eventlog_dissect_element_GetNumRecords_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
210
static int eventlog_dissect_element_GetNumRecords_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
211
static int eventlog_dissect_element_GetNumRecords_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
212
static int eventlog_dissect_element_GetNumRecords_number_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
213
static int eventlog_dissect_element_GetOldestRecord_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
214
static int eventlog_dissect_element_GetOldestRecord_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
215
static int eventlog_dissect_element_GetOldestRecord_oldest(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
216
static int eventlog_dissect_element_GetOldestRecord_oldest_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
217
static int eventlog_dissect_element_ChangeNotify_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
218
static int eventlog_dissect_element_ChangeNotify_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
219
static int eventlog_dissect_element_ChangeNotify_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
220
static int eventlog_dissect_element_ChangeNotify_unknown2_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
221
static int eventlog_dissect_element_ChangeNotify_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
222
static int eventlog_dissect_element_OpenEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
223
static int eventlog_dissect_element_OpenEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
224
static int eventlog_dissect_element_OpenEventLogW_Module(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
225
static int eventlog_dissect_element_OpenEventLogW_RegModuleName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
226
static int eventlog_dissect_element_OpenEventLogW_MajorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
227
static int eventlog_dissect_element_OpenEventLogW_MinorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
228
static int eventlog_dissect_element_OpenEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
229
static int eventlog_dissect_element_OpenEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
230
static int eventlog_dissect_element_RegisterEventSourceW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
231
static int eventlog_dissect_element_RegisterEventSourceW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
232
static int eventlog_dissect_element_RegisterEventSourceW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
233
static int eventlog_dissect_element_RegisterEventSourceW_servername(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
234
static int eventlog_dissect_element_RegisterEventSourceW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
235
static int eventlog_dissect_element_RegisterEventSourceW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
236
static int eventlog_dissect_element_RegisterEventSourceW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
237
static int eventlog_dissect_element_RegisterEventSourceW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
238
static int eventlog_dissect_element_OpenBackupEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
239
static int eventlog_dissect_element_OpenBackupEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
240
static int eventlog_dissect_element_OpenBackupEventLogW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
241
static int eventlog_dissect_element_OpenBackupEventLogW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
242
static int eventlog_dissect_element_OpenBackupEventLogW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
243
static int eventlog_dissect_element_OpenBackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
244
static int eventlog_dissect_element_OpenBackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
245
static int eventlog_dissect_element_ReadEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
246
static int eventlog_dissect_element_ReadEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
247
static int eventlog_dissect_element_ReadEventLogW_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
248
static int eventlog_dissect_element_ReadEventLogW_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
249
static int eventlog_dissect_element_ReadEventLogW_number_of_bytes(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
250
static int eventlog_dissect_element_ReadEventLogW_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
251
static int eventlog_dissect_element_ReadEventLogW_data_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
252
static int eventlog_dissect_element_ReadEventLogW_sent_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
253
static int eventlog_dissect_element_ReadEventLogW_sent_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
254
static int eventlog_dissect_element_ReadEventLogW_real_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
255
static int eventlog_dissect_element_ReadEventLogW_real_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
256
static int eventlog_dissect_element_ReportEventW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
257
static int eventlog_dissect_element_ReportEventW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
258
static int eventlog_dissect_element_ReportEventW_time(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
259
static int eventlog_dissect_element_ReportEventW_Type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
260
static int eventlog_dissect_element_ReportEventW_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
261
static int eventlog_dissect_element_ReportEventW_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
262
static int eventlog_dissect_element_ReportEventW_num_of_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
263
static int eventlog_dissect_element_ReportEventW_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
264
static int eventlog_dissect_element_ReportEventW_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
265
static int eventlog_dissect_element_GetLogInformation_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
266
static int eventlog_dissect_element_GetLogInformation_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
267
static int eventlog_dissect_element_GetLogInformation_dwInfoLevel(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
268
static int eventlog_dissect_element_GetLogInformation_lpBuffer(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
269
static int eventlog_dissect_element_GetLogInformation_lpBuffer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
270
static int eventlog_dissect_element_GetLogInformation_cbBufSize(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
271
static int eventlog_dissect_element_GetLogInformation_cbBytesNeeded(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
272
static int eventlog_dissect_element_GetLogInformation_cbBytesNeeded_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
273
static int eventlog_dissect_element_FlushEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
274
static int eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_);
275
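static int
eventlog_dissect_element_ReadEventLogW_data_(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
{
  uint32_t len;
  int remaining;
  int caplen;
  tvbuff_t *record_tvb;

  /* Dissects the [length][record] blob returned by ReadEventLogW.
   * The record itself is not NDR encoded, so it is handed to
   * eventlog_dissect_struct_Record in its own tvb where offset 0 is
   * the start of the record; the byte offsets stored inside the record
   * (string / SID offsets) are relative to that start.
   * Returns the NDR offset just past the record. */
  if(di->conformant_run){
    /*just a run to handle conformant arrays, nothing to dissect */
    return offset;
  }
  offset = dissect_ndr_uint32 (tvb, offset, pinfo, tree, di, drep,
    hf_eventlog_Record_length, &len);
  /* len comes from the wire. Clamp the subset's captured length to what
   * was actually captured, comparing as unsigned so a len above INT_MAX
   * cannot turn into a negative backing length; the reported length stays
   * len so a truncated capture is reported as truncation, not as a
   * malformed record. A len that does not fit an int cannot describe a
   * real record and is left to the tvb API's bounds checks. */
  remaining = tvb_captured_length_remaining(tvb, offset);
  caplen = (len < (uint32_t)remaining) ? (int)len : remaining;
  record_tvb = tvb_new_subset_length_caplen(tvb, offset, caplen, (int)len);
  eventlog_dissect_struct_Record(record_tvb, 0, pinfo, tree, di, drep, hf_eventlog_Record, 0);
  /* Advance past the whole record as declared, not just the captured part,
   * so the next NDR element is read from the right place. */
  offset+=len;
  return offset;
}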
296
/* sid_length and sid_offset handled by manual code since this is not NDR
297
   and we want to dissect the sid from the data blob */
298
static uint32_t sid_length; /* written by the sid_length element dissector, read by sid_offset; per-record scratch state, not reentrant */
299
static int
eventlog_dissect_element_Record_sid_length(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
{
  /* Dissects the sid_length field of an eventlog Record and stashes the
   * value in the file-scope sid_length, where the sid_offset element
   * dissector (expected to run later for the same record) picks it up to
   * size the SID blob. The stash is reset before the read so stale state
   * from an earlier record cannot survive into this one.
   * Returns the NDR offset after the field. */
  sid_length = 0;
  return dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                            hf_eventlog_eventlog_Record_sid_length, &sid_length);
}
306
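static int
eventlog_dissect_element_Record_sid_offset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
{
  uint32_t sid_offset=0;

  /* Dissects the sid_offset field of an eventlog Record and, when both it
   * and the previously stashed sid_length are non-zero, the NT SID blob it
   * points to. tvb starts at the beginning of the record, so sid_offset is
   * used directly as an offset into it. Returns the NDR offset after the
   * sid_offset field; the SID lives elsewhere in the record and does not
   * advance the cursor. */
  offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_sid_offset,&sid_offset);
  if(sid_offset && sid_length){
    tvbuff_t *sid_tvb;
    int remaining;
    int caplen;
    /* Both values come from the wire. Bound the captured length at
     * sid_offset, where the blob actually starts, rather than at the
     * current read position, so a SID that runs past the captured data
     * yields a truncated subset instead of a bounds exception while
     * creating it. Compare as unsigned so a length above INT_MAX cannot
     * become a negative backing length; an offset or length that does not
     * fit an int cannot address this tvb and is left to the tvb API's
     * bounds checks. */
    remaining = tvb_captured_length_remaining(tvb, (int)sid_offset);
    caplen = (sid_length < (uint32_t)remaining) ? (int)sid_length : remaining;
    sid_tvb = tvb_new_subset_length_caplen(tvb, (int)sid_offset, caplen, (int)sid_length);
    dissect_nt_sid(sid_tvb, pinfo, 0, tree, "SID", NULL, -1);
  }
  return offset;
}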
321
static int
eventlog_dissect_element_Record_source_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, uint8_t *drep _U_)
{
  /* Dissects the terminated UTF-16LE source name of an eventlog Record.
   * The field is not NDR encoded: its size is found by scanning for the
   * terminator (the scan is bounded by the tvb API), the item is added to
   * the tree and the returned offset is advanced past it. */
  const unsigned name_size = tvb_unicode_strsize(tvb, offset);
  proto_tree_add_item(tree, hf_eventlog_Record_source_name, tvb, offset, name_size,
                      ENC_UTF_16|ENC_LITTLE_ENDIAN);
  offset += name_size;
  return offset;
}
330
static int
eventlog_dissect_element_Record_computer_name(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, uint8_t *drep _U_)
{
  /* Dissects the terminated UTF-16LE computer name of an eventlog Record.
   * Same shape as the source_name element: the field is not NDR encoded,
   * its size comes from scanning for the terminator (bounded by the tvb
   * API), and the returned offset is advanced past it. */
  const unsigned name_size = tvb_unicode_strsize(tvb, offset);
  proto_tree_add_item(tree, hf_eventlog_Record_computer_name, tvb, offset, name_size,
                      ENC_UTF_16|ENC_LITTLE_ENDIAN);
  offset += name_size;
  return offset;
}
339
static uint16_t num_of_strings; /* written by the num_of_strings element dissector, counted down by the strings element dissector; per-record scratch state, not reentrant */
340
static int
eventlog_dissect_element_Record_num_of_strings(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
{
  /* Dissects the num_of_strings field of an eventlog Record and stashes it
   * in the file-scope num_of_strings for the strings element dissector,
   * which walks that many insertion strings later in the same record.
   * Reset first so a stale count from an earlier record cannot leak in.
   * Returns the NDR offset after the field. */
  num_of_strings = 0;
  return dissect_ndr_uint16(tvb, offset, pinfo, tree, di, drep,
                            hf_eventlog_eventlog_Record_num_of_strings, &num_of_strings);
}
347
static uint32_t string_offset; /* written by the stringoffset element dissector, advanced by the strings element dissector; relative to the start of the record tvb */
348
static int
eventlog_dissect_element_Record_stringoffset(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, uint8_t *drep)
{
  /* Dissects the stringoffset field of an eventlog Record and stashes it in
   * the file-scope string_offset, the record-relative position at which the
   * strings element dissector starts reading the insertion strings. Reset
   * first so a stale offset from an earlier record cannot leak in.
   * Returns the NDR offset after the field. */
  string_offset = 0;
  return dissect_ndr_uint32(tvb, offset, pinfo, tree, di, drep,
                            hf_eventlog_eventlog_Record_stringoffset, &string_offset);
}
355
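static int
eventlog_dissect_element_Record_strings(tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, dcerpc_info *di _U_, uint8_t *drep _U_)
{
  /* Walks the NUL-terminated UTF-16LE strings[num_of_strings] array of an
   * eventlog_Record. The array is not at the current cursor: it is located
   * through the file-scope string_offset (the record's stringoffset field)
   * and counted by num_of_strings, both filled in by earlier element
   * dissectors. string_offset is treated as an absolute tvb offset, i.e. this
   * assumes the tvb starts at the record (the SID handling above makes the
   * same assumption). The cursor `offset` is returned unchanged. A zero
   * stringoffset means "no string array". */
  while (string_offset && num_of_strings) {
    /* string_offset is packet-controlled and 32-bit unsigned, while the tvb
     * API takes an int offset. A value of 2^31 or more would convert to a
     * negative int, which the tvb layer interprets as an offset relative to
     * the end of the buffer instead of rejecting it; stop here rather than
     * dissect bytes the record never pointed at. Offsets that are in range
     * as int but beyond the buffer still throw inside tvb_unicode_strsize,
     * which is how a truncated/malformed record gets flagged. */
    if (string_offset > 0x7fffffffu) {
      break;
    }
    const int str_offset = (int)string_offset;
    const unsigned len = tvb_unicode_strsize(tvb, str_offset);
    proto_tree_add_item(tree, hf_eventlog_Record_string, tvb, str_offset, len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
    string_offset += len;
    num_of_strings--;
  }
  return offset;
}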
367
/* IDL: bitmap { */
370
/* IDL:   EVENTLOG_SEQUENTIAL_READ =  0x00000001 , */
371
/* IDL:   EVENTLOG_SEEK_READ =  0x00000002 , */
372
/* IDL:   EVENTLOG_FORWARDS_READ =  0x00000004 , */
373
/* IDL:   EVENTLOG_BACKWARDS_READ =  0x00000008 , */
374
/* IDL: } */
int
eventlog_dissect_bitmap_eventlogReadFlags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
{
  /* eventlogReadFlags bitmap (uint32): SEQUENTIAL_READ, SEEK_READ,
   * FORWARDS_READ, BACKWARDS_READ. Adds a bitmask item under hf_index, then
   * consumes the uint32 (advancing offset) and annotates the item when no
   * bit is set or when bits outside the IDL-defined mask are present.
   * Returns the offset just past the value. */
  static int * const eventlog_eventlogReadFlags_fields[] = {
    &hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ,
    &hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ,
    &hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ,
    &hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ,
    NULL
  };
  /* Bits not defined by the IDL bitmap (only 0x1..0x8 are). */
  const uint32_t undefined_bits = ~0x0000000fu;
  proto_item *bitmap_item;
  uint32_t flags = 0;

  ALIGN_TO_4_BYTES;

  bitmap_item = proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_index,
        ett_eventlog_eventlogReadFlags, eventlog_eventlogReadFlags_fields, DREP_ENC_INTEGER(drep), BMT_NO_FALSE);
  offset = dissect_ndr_uint32(tvb, offset, pinfo, parent_tree, di, drep, -1, &flags);

  if (flags == 0) {
    proto_item_append_text(bitmap_item, ": (No values set)");
  }

  if (flags & undefined_bits) {
    /* Report only the bits that are not covered by the field list. */
    proto_item_append_text(bitmap_item, "Unknown bitmap value 0x%x", flags & undefined_bits);
  }

  return offset;
}
/* IDL: bitmap { */
408
/* IDL:   EVENTLOG_SUCCESS =  0x00000000 , */
409
/* IDL:   EVENTLOG_ERROR_TYPE =  0x00000001 , */
410
/* IDL:   EVENTLOG_WARNING_TYPE =  0x00000002 , */
411
/* IDL:   EVENTLOG_INFORMATION_TYPE =  0x00000004 , */
412
/* IDL:   EVENTLOG_AUDIT_SUCCESS =  0x00000008 , */
413
/* IDL:   EVENTLOG_AUDIT_FAILURE =  0x00000010 , */
414
/* IDL: } */
int
eventlog_dissect_bitmap_eventlogEventTypes(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
{
  /* eventlogEventTypes bitmap (uint32): ERROR_TYPE, WARNING_TYPE,
   * INFORMATION_TYPE, AUDIT_SUCCESS, AUDIT_FAILURE. EVENTLOG_SUCCESS is
   * value 0 in the IDL and so has no field of its own; it shows up as the
   * "(No values set)" annotation. Returns the offset just past the value. */
  static int * const eventlog_eventlogEventTypes_fields[] = {
    &hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE,
    &hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE,
    &hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE,
    &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS,
    &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE,
    NULL
  };
  /* Bits not defined by the IDL bitmap (only 0x1..0x10 are). */
  const uint32_t undefined_bits = ~0x0000001fu;
  proto_item *bitmap_item;
  uint32_t flags = 0;

  ALIGN_TO_4_BYTES;

  bitmap_item = proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_index,
        ett_eventlog_eventlogEventTypes, eventlog_eventlogEventTypes_fields, DREP_ENC_INTEGER(drep), BMT_NO_FALSE);
  offset = dissect_ndr_uint32(tvb, offset, pinfo, parent_tree, di, drep, -1, &flags);

  if (flags == 0) {
    proto_item_append_text(bitmap_item, ": (No values set)");
  }

  if (flags & undefined_bits) {
    /* Report only the bits that are not covered by the field list. */
    proto_item_append_text(bitmap_item, "Unknown bitmap value 0x%x", flags & undefined_bits);
  }

  return offset;
}
/* IDL: struct { */
449
/* IDL:   uint16 unknown0; */
450
/* IDL:   uint16 unknown1; */
451
/* IDL: } */
static int
eventlog_dissect_element_OpenUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_OpenUnknown0.unknown0 (uint16). Returns the offset as advanced
   * by PIDL_dissect_uint16. */
  return PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenUnknown0_unknown0, 0);
}
static int
eventlog_dissect_element_OpenUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_OpenUnknown0.unknown1 (uint16). Returns the offset as advanced
   * by PIDL_dissect_uint16. */
  return PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_OpenUnknown0_unknown1, 0);
}
int
eventlog_dissect_struct_OpenUnknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
{
  /* eventlog_OpenUnknown0 { uint16 unknown0; uint16 unknown1; }.
   * Adds a subtree under hf_index (when a tree is being built), dissects the
   * two members in order, fixes up the item length, and applies the trailing
   * NDR64 alignment. Returns the offset just past the struct. */
  proto_item *struct_item = NULL;
  proto_tree *struct_tree = NULL;

  /* Alignment happens before the start offset is captured, so any padding
   * before the struct is not counted in the item length. */
  ALIGN_TO_2_BYTES;
  const int start_offset = offset;

  if (parent_tree != NULL) {
    struct_item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
    struct_tree = proto_item_add_subtree(struct_item, ett_eventlog_eventlog_OpenUnknown0);
  }

  offset = eventlog_dissect_element_OpenUnknown0_unknown0(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_OpenUnknown0_unknown1(tvb, offset, pinfo, struct_tree, di, drep);

  /* struct_item is NULL when parent_tree is NULL; the original generated code
   * passes it through unchanged and relies on proto_item_set_len accepting that. */
  proto_item_set_len(struct_item, offset - start_offset);

  if (di->call_data->flags & DCERPC_IS_NDR64) {
    ALIGN_TO_2_BYTES;
  }

  return offset;
}
/* IDL: struct { */
502
/* IDL:   uint32 size; */
503
/* IDL:   uint32 reserved; */
504
/* IDL:   uint32 record_number; */
505
/* IDL:   uint32 time_generated; */
506
/* IDL:   uint32 time_written; */
507
/* IDL:   uint32 event_id; */
508
/* IDL:   uint16 event_type; */
509
/* IDL:   uint16 num_of_strings; */
510
/* IDL:   uint16 event_category; */
511
/* IDL:   uint16 reserved_flags; */
512
/* IDL:   uint32 closing_record_number; */
513
/* IDL:   uint32 stringoffset; */
514
/* IDL:   uint32 sid_length; */
515
/* IDL:   uint32 sid_offset; */
516
/* IDL:   uint32 data_length; */
517
/* IDL:   uint32 data_offset; */
518
/* IDL:   [flag(LIBNDR_FLAG_STR_NULLTERM)] string source_name; */
519
/* IDL:   [flag(LIBNDR_FLAG_STR_NULLTERM)] string computer_name; */
520
/* IDL:   [flag(LIBNDR_FLAG_STR_NULLTERM)] string strings[num_of_strings]; */
521
/* IDL:   [flag(LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)] string raw_data; */
522
/* IDL: } */
static int
eventlog_dissect_element_Record_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.size (uint32). Returns the offset as advanced by
   * PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_size, 0);
}
static int
eventlog_dissect_element_Record_reserved(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.reserved (uint32). Returns the offset as advanced by
   * PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_reserved, 0);
}
static int
eventlog_dissect_element_Record_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.record_number (uint32). Returns the offset as advanced by
   * PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_record_number, 0);
}
static int
eventlog_dissect_element_Record_time_generated(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.time_generated (uint32, shown as a plain integer here).
   * Returns the offset as advanced by PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_time_generated, 0);
}
static int
eventlog_dissect_element_Record_time_written(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.time_written (uint32, shown as a plain integer here).
   * Returns the offset as advanced by PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_time_written, 0);
}
static int
eventlog_dissect_element_Record_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.event_id (uint32). Returns the offset as advanced by
   * PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_event_id, 0);
}
static int
eventlog_dissect_element_Record_event_type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.event_type (uint16). Note this is dissected as a plain
   * uint16, not through the eventlogEventTypes bitmap dissector. Returns the
   * offset as advanced by PIDL_dissect_uint16. */
  return PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_event_type, 0);
}
static int
eventlog_dissect_element_Record_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.event_category (uint16). Returns the offset as advanced
   * by PIDL_dissect_uint16. */
  return PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_event_category, 0);
}
static int
eventlog_dissect_element_Record_reserved_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.reserved_flags (uint16). Returns the offset as advanced
   * by PIDL_dissect_uint16. */
  return PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_reserved_flags, 0);
}
static int
eventlog_dissect_element_Record_closing_record_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.closing_record_number (uint32). Returns the offset as
   * advanced by PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_closing_record_number, 0);
}
static int
eventlog_dissect_element_Record_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.data_length (uint32). Unlike sid_length/stringoffset, the
   * value is only displayed here; it is not kept for later use. Returns the
   * offset as advanced by PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_data_length, 0);
}
static int
eventlog_dissect_element_Record_data_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.data_offset (uint32). Only displayed; the raw_data member
   * is read inline at the current cursor rather than at this offset. Returns
   * the offset as advanced by PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_Record_data_offset, 0);
}
static int
eventlog_dissect_element_Record_raw_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_Record.raw_data, declared in the IDL as an ASCII NUL-terminated
   * string and read inline at the current cursor. Returns the offset as
   * advanced by dissect_null_term_string. */
  return dissect_null_term_string(tvb, offset, pinfo, tree, drep, hf_eventlog_eventlog_Record_raw_data, 0);
}
int
eventlog_dissect_struct_Record(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
{
  /* eventlog_Record: fixed header fields followed by the inline strings
   * source_name, computer_name, the strings[] array (located via
   * stringoffset, not the cursor) and raw_data. Several element dissectors
   * communicate through file-scope state (num_of_strings, string_offset and
   * the SID length/offset), so the member order below is significant:
   * producers must run before consumers. Returns the offset just past the
   * inline members. */
  proto_item *struct_item = NULL;
  proto_tree *struct_tree = NULL;

  /* Alignment happens before the start offset is captured, so any padding
   * before the struct is not counted in the item length. */
  ALIGN_TO_4_BYTES;
  const int start_offset = offset;

  if (parent_tree != NULL) {
    struct_item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
    struct_tree = proto_item_add_subtree(struct_item, ett_eventlog_eventlog_Record);
  }

  /* Fixed-size header, in IDL order. */
  offset = eventlog_dissect_element_Record_size(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_reserved(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_record_number(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_time_generated(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_time_written(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_event_id(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_event_type(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_num_of_strings(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_event_category(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_reserved_flags(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_closing_record_number(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_stringoffset(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_sid_length(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_sid_offset(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_data_length(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_data_offset(tvb, offset, pinfo, struct_tree, di, drep);

  /* Variable-length tail. */
  offset = eventlog_dissect_element_Record_source_name(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_computer_name(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_strings(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_Record_raw_data(tvb, offset, pinfo, struct_tree, di, drep);

  /* struct_item is NULL when parent_tree is NULL; the original generated code
   * passes it through unchanged and relies on proto_item_set_len accepting that. */
  proto_item_set_len(struct_item, offset - start_offset);

  if (di->call_data->flags & DCERPC_IS_NDR64) {
    ALIGN_TO_4_BYTES;
  }

  return offset;
}
/* IDL: struct { */
697
/* IDL:   uint32 unknown0; */
698
/* IDL:   uint32 unknown1; */
699
/* IDL: } */
static int
eventlog_dissect_element_ChangeUnknown0_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_ChangeUnknown0.unknown0 (uint32). Returns the offset as advanced
   * by PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeUnknown0_unknown0, 0);
}
static int
eventlog_dissect_element_ChangeUnknown0_unknown1(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* eventlog_ChangeUnknown0.unknown1 (uint32). Returns the offset as advanced
   * by PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ChangeUnknown0_unknown1, 0);
}
int
eventlog_dissect_struct_ChangeUnknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *parent_tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_, int hf_index _U_, uint32_t param _U_)
{
  /* eventlog_ChangeUnknown0 { uint32 unknown0; uint32 unknown1; }.
   * Adds a subtree under hf_index (when a tree is being built), dissects the
   * two members in order, fixes up the item length, and applies the trailing
   * NDR64 alignment. Returns the offset just past the struct. */
  proto_item *struct_item = NULL;
  proto_tree *struct_tree = NULL;

  /* Alignment happens before the start offset is captured, so any padding
   * before the struct is not counted in the item length. */
  ALIGN_TO_4_BYTES;
  const int start_offset = offset;

  if (parent_tree != NULL) {
    struct_item = proto_tree_add_item(parent_tree, hf_index, tvb, offset, -1, ENC_NA);
    struct_tree = proto_item_add_subtree(struct_item, ett_eventlog_eventlog_ChangeUnknown0);
  }

  offset = eventlog_dissect_element_ChangeUnknown0_unknown0(tvb, offset, pinfo, struct_tree, di, drep);
  offset = eventlog_dissect_element_ChangeUnknown0_unknown1(tvb, offset, pinfo, struct_tree, di, drep);

  /* struct_item is NULL when parent_tree is NULL; the original generated code
   * passes it through unchanged and relies on proto_item_set_len accepting that. */
  proto_item_set_len(struct_item, offset - start_offset);

  if (di->call_data->flags & DCERPC_IS_NDR64) {
    ALIGN_TO_4_BYTES;
  }

  return offset;
}
static int
eventlog_dissect_element_ClearEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* ClearEventLogW [in] [ref] policy_handle *handle: the top-level NDR
   * reference pointer; the pointee is dissected by the `_handle_` callback.
   * Returns the offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ClearEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_ClearEventLogW_handle);
}
static int
eventlog_dissect_element_ClearEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of ClearEventLogW.handle: the policy_handle itself (flags 0).
   * Returns the offset as advanced by PIDL_dissect_policy_hnd. */
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ClearEventLogW_handle, 0);
}
static int
eventlog_dissect_element_ClearEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* ClearEventLogW [in] [unique] lsa_String *backupfilename: a unique
   * (nullable) top-level pointer; the string is dissected by the
   * `_backupfilename_` callback when the pointer is non-NULL. Returns the
   * offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_ClearEventLogW_backupfilename_, NDR_POINTER_UNIQUE, "Pointer to Backupfilename (lsa_String)",hf_eventlog_eventlog_ClearEventLogW_backupfilename);
}
static int
eventlog_dissect_element_ClearEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of ClearEventLogW.backupfilename: an lsa_String, dissected as
   * an NDR counted string. Returns the offset as advanced by
   * dissect_ndr_counted_string. */
  return dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_ClearEventLogW_backupfilename, 0);
}
/* IDL: NTSTATUS eventlog_ClearEventLogW( */
781
/* IDL: [in] [ref] policy_handle *handle, */
782
/* IDL: [in] [unique(1)] lsa_String *backupfilename */
783
/* IDL: ); */
static int
eventlog_dissect_ClearEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* ClearEventLogW response: no [out] parameters, only the NTSTATUS.
   * Non-success statuses are also appended to the Info column. Returns the
   * offset just past the status. */
  uint32_t status = 0;

  di->dcerpc_procedure_name="ClearEventLogW";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);

  if (status) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
static int
eventlog_dissect_ClearEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* ClearEventLogW request: [in] handle, then [in] backupfilename. Deferred
   * (pointed-to) NDR data is flushed after each top-level parameter. Returns
   * the offset just past the last deferred data. */
  di->dcerpc_procedure_name="ClearEventLogW";

  offset = eventlog_dissect_element_ClearEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
  offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

  offset = eventlog_dissect_element_ClearEventLogW_backupfilename(tvb, offset, pinfo, tree, di, drep);
  return dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
}
static int
eventlog_dissect_element_BackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* BackupEventLogW [in] [ref] policy_handle *handle: the top-level NDR
   * reference pointer; the pointee is dissected by the `_handle_` callback.
   * Returns the offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_BackupEventLogW_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_BackupEventLogW_handle);
}
static int
eventlog_dissect_element_BackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of BackupEventLogW.handle: the policy_handle itself (flags 0).
   * Returns the offset as advanced by PIDL_dissect_policy_hnd. */
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_BackupEventLogW_handle, 0);
}
static int
eventlog_dissect_element_BackupEventLogW_backupfilename(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* BackupEventLogW [in] [unique] lsa_String *backupfilename: a unique
   * (nullable) top-level pointer; the string is dissected by the
   * `_backupfilename_` callback when the pointer is non-NULL. Returns the
   * offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_BackupEventLogW_backupfilename_, NDR_POINTER_UNIQUE, "Pointer to Backupfilename (lsa_String)",hf_eventlog_eventlog_BackupEventLogW_backupfilename);
}
static int
eventlog_dissect_element_BackupEventLogW_backupfilename_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of BackupEventLogW.backupfilename: an lsa_String, dissected as
   * an NDR counted string. Returns the offset as advanced by
   * dissect_ndr_counted_string. */
  return dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_BackupEventLogW_backupfilename, 0);
}
/* IDL: NTSTATUS eventlog_BackupEventLogW( */
843
/* IDL: [in] [ref] policy_handle *handle, */
844
/* IDL: [in] [unique(1)] lsa_String *backupfilename */
845
/* IDL: ); */
static int
eventlog_dissect_BackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* BackupEventLogW response: no [out] parameters, only the NTSTATUS.
   * Non-success statuses are also appended to the Info column. Returns the
   * offset just past the status. */
  uint32_t status = 0;

  di->dcerpc_procedure_name="BackupEventLogW";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);

  if (status) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
static int
eventlog_dissect_BackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* BackupEventLogW request: [in] handle, then [in] backupfilename. Deferred
   * (pointed-to) NDR data is flushed after each top-level parameter. Returns
   * the offset just past the last deferred data. */
  di->dcerpc_procedure_name="BackupEventLogW";

  offset = eventlog_dissect_element_BackupEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
  offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

  offset = eventlog_dissect_element_BackupEventLogW_backupfilename(tvb, offset, pinfo, tree, di, drep);
  return dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
}
static int
eventlog_dissect_element_CloseEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* CloseEventLog [in] [out] [ref] policy_handle *handle: top-level NDR
   * reference pointer, used by both the request and the response dissector.
   * Returns the offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_CloseEventLog_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_CloseEventLog_handle);
}
static int
eventlog_dissect_element_CloseEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of CloseEventLog.handle. Unlike the other handle elements in this
   * file this passes PIDL_POLHND_CLOSE instead of 0, presumably so the
   * policy-handle tracking records this as the closing use of the handle.
   * Returns the offset as advanced by PIDL_dissect_policy_hnd. */
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_CloseEventLog_handle, PIDL_POLHND_CLOSE);
}
/* IDL: NTSTATUS eventlog_CloseEventLog( */
889
/* IDL: [in] [out] [ref] policy_handle *handle */
890
/* IDL: ); */
static int
eventlog_dissect_CloseEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* CloseEventLog response: the [out] handle (plus any deferred data), then
   * the NTSTATUS. Non-success statuses are also appended to the Info column.
   * Returns the offset just past the status. */
  uint32_t status = 0;

  di->dcerpc_procedure_name="CloseEventLog";

  offset = eventlog_dissect_element_CloseEventLog_handle(tvb, offset, pinfo, tree, di, drep);
  offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
static int
eventlog_dissect_CloseEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* CloseEventLog request: only the [in] handle, followed by any deferred
   * NDR data. Returns the offset just past the deferred data. */
  di->dcerpc_procedure_name="CloseEventLog";

  offset = eventlog_dissect_element_CloseEventLog_handle(tvb, offset, pinfo, tree, di, drep);
  return dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
}
static int
eventlog_dissect_element_DeregisterEventSource_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* DeregisterEventSource [in] [out] [ref] policy_handle *handle: top-level
   * NDR reference pointer, used by both the request and the response.
   * Returns the offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_DeregisterEventSource_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_DeregisterEventSource_handle);
}
static int
eventlog_dissect_element_DeregisterEventSource_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of DeregisterEventSource.handle: the policy_handle (flags 0;
   * note that CloseEventLog's counterpart uses PIDL_POLHND_CLOSE while this
   * one does not). Returns the offset as advanced by PIDL_dissect_policy_hnd. */
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_DeregisterEventSource_handle, 0);
}
/* IDL: NTSTATUS eventlog_DeregisterEventSource( */
935
/* IDL: [in] [out] [ref] policy_handle *handle */
936
/* IDL: ); */
static int
eventlog_dissect_DeregisterEventSource_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* DeregisterEventSource response: the [out] handle (plus any deferred
   * data), then the NTSTATUS. Non-success statuses are also appended to the
   * Info column. Returns the offset just past the status. */
  uint32_t status = 0;

  di->dcerpc_procedure_name="DeregisterEventSource";

  offset = eventlog_dissect_element_DeregisterEventSource_handle(tvb, offset, pinfo, tree, di, drep);
  offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
static int
eventlog_dissect_DeregisterEventSource_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* DeregisterEventSource request: only the [in] handle, followed by any
   * deferred NDR data. Returns the offset just past the deferred data. */
  di->dcerpc_procedure_name="DeregisterEventSource";

  offset = eventlog_dissect_element_DeregisterEventSource_handle(tvb, offset, pinfo, tree, di, drep);
  return dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
}
static int
eventlog_dissect_element_GetNumRecords_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* GetNumRecords [in] [ref] policy_handle *handle: top-level NDR reference
   * pointer; the pointee is dissected by the `_handle_` callback. Returns the
   * offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetNumRecords_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_GetNumRecords_handle);
}
static int
eventlog_dissect_element_GetNumRecords_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of GetNumRecords.handle: the policy_handle itself (flags 0).
   * Returns the offset as advanced by PIDL_dissect_policy_hnd. */
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetNumRecords_handle, 0);
}
static int
eventlog_dissect_element_GetNumRecords_number(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* GetNumRecords [out] [ref] uint32 *number: top-level NDR reference
   * pointer; the uint32 is dissected by the `_number_` callback. Returns the
   * offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetNumRecords_number_, NDR_POINTER_REF, "Pointer to Number (uint32)",hf_eventlog_eventlog_GetNumRecords_number);
}
static int
eventlog_dissect_element_GetNumRecords_number_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of GetNumRecords.number (uint32). Returns the offset as advanced
   * by PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetNumRecords_number, 0);
}
/* IDL: NTSTATUS eventlog_GetNumRecords( */
997
/* IDL: [in] [ref] policy_handle *handle, */
998
/* IDL: [out] [ref] uint32 *number */
999
/* IDL: ); */
static int
eventlog_dissect_GetNumRecords_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* GetNumRecords response: the [out] number (plus any deferred data), then
   * the NTSTATUS. Non-success statuses are also appended to the Info column.
   * Returns the offset just past the status. */
  uint32_t status = 0;

  di->dcerpc_procedure_name="GetNumRecords";

  offset = eventlog_dissect_element_GetNumRecords_number(tvb, offset, pinfo, tree, di, drep);
  offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
static int
eventlog_dissect_GetNumRecords_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* GetNumRecords request: only the [in] handle, followed by any deferred
   * NDR data. Returns the offset just past the deferred data. */
  di->dcerpc_procedure_name="GetNumRecords";

  offset = eventlog_dissect_element_GetNumRecords_handle(tvb, offset, pinfo, tree, di, drep);
  return dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
}
static int
eventlog_dissect_element_GetOldestRecord_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* GetOldestRecord [in] [ref] policy_handle *handle: top-level NDR
   * reference pointer; the pointee is dissected by the `_handle_` callback.
   * Returns the offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetOldestRecord_handle_, NDR_POINTER_REF, "Pointer to Handle (policy_handle)",hf_eventlog_eventlog_GetOldestRecord_handle);
}
static int
eventlog_dissect_element_GetOldestRecord_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of GetOldestRecord.handle: the policy_handle itself (flags 0).
   * Returns the offset as advanced by PIDL_dissect_policy_hnd. */
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetOldestRecord_handle, 0);
}
static int
eventlog_dissect_element_GetOldestRecord_oldest(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* GetOldestRecord [out] [ref] uint32 *oldest: top-level NDR reference
   * pointer; the uint32 is dissected by the `_oldest_` callback. Returns the
   * offset as advanced by dissect_ndr_toplevel_pointer. */
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep, eventlog_dissect_element_GetOldestRecord_oldest_, NDR_POINTER_REF, "Pointer to Oldest (uint32)",hf_eventlog_eventlog_GetOldestRecord_oldest);
}
static int
eventlog_dissect_element_GetOldestRecord_oldest_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* Pointee of GetOldestRecord.oldest (uint32). Returns the offset as
   * advanced by PIDL_dissect_uint32. */
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep, hf_eventlog_eventlog_GetOldestRecord_oldest, 0);
}
/* IDL: NTSTATUS eventlog_GetOldestRecord( */
1060
/* IDL: [in] [ref] policy_handle *handle, */
1061
/* IDL: [out] [ref] uint32 *oldest */
1062
/* IDL: ); */
static int
eventlog_dissect_GetOldestRecord_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* GetOldestRecord response: the [out] oldest (plus any deferred data), then
   * the NTSTATUS. Non-success statuses are also appended to the Info column.
   * Returns the offset just past the status. */
  uint32_t status = 0;

  di->dcerpc_procedure_name="GetOldestRecord";

  offset = eventlog_dissect_element_GetOldestRecord_oldest(tvb, offset, pinfo, tree, di, drep);
  offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
/* eventlog_GetOldestRecord request stub: only the [in] [ref] policy
 * handle, followed by the deferred-pointer pass. Returns the new offset. */
static int
eventlog_dissect_GetOldestRecord_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name="GetOldestRecord";

  /* [in] [ref] policy_handle *handle */
  offset = eventlog_dissect_element_GetOldestRecord_handle(tvb, offset, pinfo, tree, di, drep);
  return dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
}
/* [in] [ref] policy_handle *handle of eventlog_ChangeNotify: top-level ref
 * pointer whose pointee is decoded by ..._ChangeNotify_handle_. */
static int
eventlog_dissect_element_ChangeNotify_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_ChangeNotify_handle_,
                                      NDR_POINTER_REF,
                                      "Pointer to Handle (policy_handle)",
                                      hf_eventlog_eventlog_ChangeNotify_handle);
}
/* Pointee of [in] handle: an existing policy handle (flags 0, i.e. neither
 * an open nor a close of the handle). */
static int
eventlog_dissect_element_ChangeNotify_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_eventlog_eventlog_ChangeNotify_handle, 0);
}
/* [in] [ref] eventlog_ChangeUnknown0 *unknown2: top-level ref pointer; the
 * struct itself is decoded by ..._ChangeNotify_unknown2_. */
static int
eventlog_dissect_element_ChangeNotify_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_ChangeNotify_unknown2_,
                                      NDR_POINTER_REF,
                                      "Pointer to Unknown2 (eventlog_ChangeUnknown0)",
                                      hf_eventlog_eventlog_ChangeNotify_unknown2);
}
/* Pointee of [in] unknown2: the eventlog_ChangeUnknown0 struct. */
static int
eventlog_dissect_element_ChangeNotify_unknown2_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return eventlog_dissect_struct_ChangeUnknown0(tvb, offset, pinfo, tree, di, drep,
                                                hf_eventlog_eventlog_ChangeNotify_unknown2, 0);
}
/* [in] uint32 unknown3 of eventlog_ChangeNotify (meaning not known to the IDL). */
static int
eventlog_dissect_element_ChangeNotify_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ChangeNotify_unknown3, 0);
}
/* IDL: NTSTATUS eventlog_ChangeNotify( */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [in] [ref] eventlog_ChangeUnknown0 *unknown2, */
/* IDL: [in] uint32 unknown3 */
/* IDL: ); */
/* eventlog_ChangeNotify response stub: no [out] elements, only the
 * NTSTATUS; a non-zero status is appended to the Info column. */
static int
eventlog_dissect_ChangeNotify_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status = 0;

  di->dcerpc_procedure_name="ChangeNotify";

  /* NTSTATUS return value */
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status != 0) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
/* eventlog_ChangeNotify request stub: the [in] elements in IDL order
 * (handle, unknown2, unknown3), each followed by the deferred-pointer pass
 * PIDL emits after every top-level element. Returns the new offset. */
static int
eventlog_dissect_ChangeNotify_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  static int (*const in_elements[])(tvbuff_t *, int, packet_info *, proto_tree *, dcerpc_info *, uint8_t *) = {
    eventlog_dissect_element_ChangeNotify_handle,
    eventlog_dissect_element_ChangeNotify_unknown2,
    eventlog_dissect_element_ChangeNotify_unknown3,
  };

  di->dcerpc_procedure_name="ChangeNotify";
  for (size_t i = 0; i < sizeof in_elements / sizeof in_elements[0]; i++) {
    offset = in_elements[i](tvb, offset, pinfo, tree, di, drep);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
  }
  return offset;
}
/* [in] [unique] eventlog_OpenUnknown0 *unknown0 of eventlog_OpenEventLogW:
 * a unique (nullable) top-level pointer; the struct is decoded by
 * ..._OpenEventLogW_unknown0_ only when the referent is present. */
static int
eventlog_dissect_element_OpenEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_OpenEventLogW_unknown0_,
                                      NDR_POINTER_UNIQUE,
                                      "Pointer to Unknown0 (eventlog_OpenUnknown0)",
                                      hf_eventlog_eventlog_OpenEventLogW_unknown0);
}
/* Pointee of [in] unknown0: the eventlog_OpenUnknown0 struct. */
static int
eventlog_dissect_element_OpenEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return eventlog_dissect_struct_OpenUnknown0(tvb, offset, pinfo, tree, di, drep,
                                              hf_eventlog_eventlog_OpenEventLogW_unknown0, 0);
}
/* [in] lsa_String Module: an NDR counted (length-prefixed) string. */
static int
eventlog_dissect_element_OpenEventLogW_Module(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep,
                                    hf_eventlog_eventlog_OpenEventLogW_Module, 0);
}
/* [in] lsa_String RegModuleName: an NDR counted (length-prefixed) string. */
static int
eventlog_dissect_element_OpenEventLogW_RegModuleName(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep,
                                    hf_eventlog_eventlog_OpenEventLogW_RegModuleName, 0);
}
/* [in] uint32 MajorVersion of eventlog_OpenEventLogW. */
static int
eventlog_dissect_element_OpenEventLogW_MajorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_OpenEventLogW_MajorVersion, 0);
}
/* [in] uint32 MinorVersion of eventlog_OpenEventLogW. */
static int
eventlog_dissect_element_OpenEventLogW_MinorVersion(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_OpenEventLogW_MinorVersion, 0);
}
/* [out] [ref] policy_handle *handle of eventlog_OpenEventLogW: top-level ref
 * pointer; the handle itself is decoded by ..._OpenEventLogW_handle_. */
static int
eventlog_dissect_element_OpenEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_OpenEventLogW_handle_,
                                      NDR_POINTER_REF,
                                      "Pointer to Handle (policy_handle)",
                                      hf_eventlog_eventlog_OpenEventLogW_handle);
}
/* Pointee of [out] handle: the policy handle returned by OpenEventLogW.
 * PIDL_POLHND_OPEN (rather than 0) marks this as the point where the
 * handle comes into existence, so later uses of the same handle value in
 * the conversation can be tied back to this open. */
static int
eventlog_dissect_element_OpenEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_eventlog_eventlog_OpenEventLogW_handle,
                                 PIDL_POLHND_OPEN);
}
/* IDL: NTSTATUS eventlog_OpenEventLogW( */
/* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
/* IDL: [in] lsa_String Module, */
/* IDL: [in] lsa_String RegModuleName, */
/* IDL: [in] uint32 MajorVersion, */
/* IDL: [in] uint32 MinorVersion, */
/* IDL: [out] [ref] policy_handle *handle */
/* IDL: ); */
/* eventlog_OpenEventLogW response stub: the [out] policy handle, then the
 * trailing NTSTATUS; a non-zero status is appended to the Info column.
 * Returns the new offset. */
static int
eventlog_dissect_OpenEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status = 0;

  di->dcerpc_procedure_name="OpenEventLogW";

  /* [out] [ref] policy_handle *handle */
  offset = eventlog_dissect_element_OpenEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
  offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

  /* NTSTATUS return value */
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status != 0) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
/* eventlog_OpenEventLogW request stub: the five [in] elements in IDL order
 * (unknown0, Module, RegModuleName, MajorVersion, MinorVersion), each
 * followed by the deferred-pointer pass PIDL emits after every top-level
 * element. Returns the new offset. */
static int
eventlog_dissect_OpenEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  static int (*const in_elements[])(tvbuff_t *, int, packet_info *, proto_tree *, dcerpc_info *, uint8_t *) = {
    eventlog_dissect_element_OpenEventLogW_unknown0,
    eventlog_dissect_element_OpenEventLogW_Module,
    eventlog_dissect_element_OpenEventLogW_RegModuleName,
    eventlog_dissect_element_OpenEventLogW_MajorVersion,
    eventlog_dissect_element_OpenEventLogW_MinorVersion,
  };

  di->dcerpc_procedure_name="OpenEventLogW";
  for (size_t i = 0; i < sizeof in_elements / sizeof in_elements[0]; i++) {
    offset = in_elements[i](tvb, offset, pinfo, tree, di, drep);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
  }
  return offset;
}
/* [in] [unique] eventlog_OpenUnknown0 *unknown0 of RegisterEventSourceW:
 * a unique (nullable) top-level pointer; the struct is decoded by
 * ..._RegisterEventSourceW_unknown0_ only when the referent is present. */
static int
eventlog_dissect_element_RegisterEventSourceW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_RegisterEventSourceW_unknown0_,
                                      NDR_POINTER_UNIQUE,
                                      "Pointer to Unknown0 (eventlog_OpenUnknown0)",
                                      hf_eventlog_eventlog_RegisterEventSourceW_unknown0);
}
/* Pointee of [in] unknown0: the eventlog_OpenUnknown0 struct. */
static int
eventlog_dissect_element_RegisterEventSourceW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return eventlog_dissect_struct_OpenUnknown0(tvb, offset, pinfo, tree, di, drep,
                                              hf_eventlog_eventlog_RegisterEventSourceW_unknown0, 0);
}
/* [in] lsa_String logname: an NDR counted (length-prefixed) string. */
static int
eventlog_dissect_element_RegisterEventSourceW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep,
                                    hf_eventlog_eventlog_RegisterEventSourceW_logname, 0);
}
/* [in] lsa_String servername: an NDR counted (length-prefixed) string. */
static int
eventlog_dissect_element_RegisterEventSourceW_servername(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep,
                                    hf_eventlog_eventlog_RegisterEventSourceW_servername, 0);
}
/* [in] uint32 unknown2 of RegisterEventSourceW (meaning not known to the IDL). */
static int
eventlog_dissect_element_RegisterEventSourceW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_RegisterEventSourceW_unknown2, 0);
}
/* [in] uint32 unknown3 of RegisterEventSourceW (meaning not known to the IDL). */
static int
eventlog_dissect_element_RegisterEventSourceW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_RegisterEventSourceW_unknown3, 0);
}
/* [out] [ref] policy_handle *handle of RegisterEventSourceW: top-level ref
 * pointer; the handle itself is decoded by ..._RegisterEventSourceW_handle_. */
static int
eventlog_dissect_element_RegisterEventSourceW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_RegisterEventSourceW_handle_,
                                      NDR_POINTER_REF,
                                      "Pointer to Handle (policy_handle)",
                                      hf_eventlog_eventlog_RegisterEventSourceW_handle);
}
/* Pointee of [out] handle of RegisterEventSourceW. Note the flags are 0
 * here, unlike the OpenEventLogW/OpenBackupEventLogW handles which pass
 * PIDL_POLHND_OPEN, so this handle is not registered as newly opened
 * (as generated; presumably a .cnf choice rather than an oversight). */
static int
eventlog_dissect_element_RegisterEventSourceW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_eventlog_eventlog_RegisterEventSourceW_handle, 0);
}
/* IDL: NTSTATUS eventlog_RegisterEventSourceW( */
/* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
/* IDL: [in] lsa_String logname, */
/* IDL: [in] lsa_String servername, */
/* IDL: [in] uint32 unknown2, */
/* IDL: [in] uint32 unknown3, */
/* IDL: [out] [ref] policy_handle *handle */
/* IDL: ); */
/* eventlog_RegisterEventSourceW response stub: the [out] policy handle,
 * then the trailing NTSTATUS; a non-zero status is appended to the Info
 * column. Returns the new offset. */
static int
eventlog_dissect_RegisterEventSourceW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status = 0;

  di->dcerpc_procedure_name="RegisterEventSourceW";

  /* [out] [ref] policy_handle *handle */
  offset = eventlog_dissect_element_RegisterEventSourceW_handle(tvb, offset, pinfo, tree, di, drep);
  offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

  /* NTSTATUS return value */
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status != 0) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
/* eventlog_RegisterEventSourceW request stub: the five [in] elements in
 * IDL order (unknown0, logname, servername, unknown2, unknown3), each
 * followed by the deferred-pointer pass PIDL emits after every top-level
 * element. Returns the new offset. */
static int
eventlog_dissect_RegisterEventSourceW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  static int (*const in_elements[])(tvbuff_t *, int, packet_info *, proto_tree *, dcerpc_info *, uint8_t *) = {
    eventlog_dissect_element_RegisterEventSourceW_unknown0,
    eventlog_dissect_element_RegisterEventSourceW_logname,
    eventlog_dissect_element_RegisterEventSourceW_servername,
    eventlog_dissect_element_RegisterEventSourceW_unknown2,
    eventlog_dissect_element_RegisterEventSourceW_unknown3,
  };

  di->dcerpc_procedure_name="RegisterEventSourceW";
  for (size_t i = 0; i < sizeof in_elements / sizeof in_elements[0]; i++) {
    offset = in_elements[i](tvb, offset, pinfo, tree, di, drep);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
  }
  return offset;
}
/* [in] [unique] eventlog_OpenUnknown0 *unknown0 of OpenBackupEventLogW:
 * a unique (nullable) top-level pointer; the struct is decoded by
 * ..._OpenBackupEventLogW_unknown0_ only when the referent is present. */
static int
eventlog_dissect_element_OpenBackupEventLogW_unknown0(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_OpenBackupEventLogW_unknown0_,
                                      NDR_POINTER_UNIQUE,
                                      "Pointer to Unknown0 (eventlog_OpenUnknown0)",
                                      hf_eventlog_eventlog_OpenBackupEventLogW_unknown0);
}
/* Pointee of [in] unknown0: the eventlog_OpenUnknown0 struct. */
static int
eventlog_dissect_element_OpenBackupEventLogW_unknown0_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return eventlog_dissect_struct_OpenUnknown0(tvb, offset, pinfo, tree, di, drep,
                                              hf_eventlog_eventlog_OpenBackupEventLogW_unknown0, 0);
}
/* [in] lsa_String logname of OpenBackupEventLogW: an NDR counted string
 * (the backup file name supplied by the client). */
static int
eventlog_dissect_element_OpenBackupEventLogW_logname(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep,
                                    hf_eventlog_eventlog_OpenBackupEventLogW_logname, 0);
}
/* [in] uint32 unknown2 of OpenBackupEventLogW (meaning not known to the IDL). */
static int
eventlog_dissect_element_OpenBackupEventLogW_unknown2(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_OpenBackupEventLogW_unknown2, 0);
}
/* [in] uint32 unknown3 of OpenBackupEventLogW (meaning not known to the IDL). */
static int
eventlog_dissect_element_OpenBackupEventLogW_unknown3(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_OpenBackupEventLogW_unknown3, 0);
}
/* [out] [ref] policy_handle *handle of OpenBackupEventLogW: top-level ref
 * pointer; the handle itself is decoded by ..._OpenBackupEventLogW_handle_. */
static int
eventlog_dissect_element_OpenBackupEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_OpenBackupEventLogW_handle_,
                                      NDR_POINTER_REF,
                                      "Pointer to Handle (policy_handle)",
                                      hf_eventlog_eventlog_OpenBackupEventLogW_handle);
}
/* Pointee of [out] handle: the policy handle returned by OpenBackupEventLogW.
 * PIDL_POLHND_OPEN marks this as the point where the handle comes into
 * existence, so later uses of the same handle value in the conversation can
 * be tied back to this open. */
static int
eventlog_dissect_element_OpenBackupEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_eventlog_eventlog_OpenBackupEventLogW_handle,
                                 PIDL_POLHND_OPEN);
}
/* IDL: NTSTATUS eventlog_OpenBackupEventLogW( */
/* IDL: [in] [unique(1)] eventlog_OpenUnknown0 *unknown0, */
/* IDL: [in] lsa_String logname, */
/* IDL: [in] uint32 unknown2, */
/* IDL: [in] uint32 unknown3, */
/* IDL: [out] [ref] policy_handle *handle */
/* IDL: ); */
/* eventlog_OpenBackupEventLogW response stub: the [out] policy handle, then
 * the trailing NTSTATUS; a non-zero status is appended to the Info column.
 * Returns the new offset. */
static int
eventlog_dissect_OpenBackupEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status = 0;

  di->dcerpc_procedure_name="OpenBackupEventLogW";

  /* [out] [ref] policy_handle *handle */
  offset = eventlog_dissect_element_OpenBackupEventLogW_handle(tvb, offset, pinfo, tree, di, drep);
  offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);

  /* NTSTATUS return value */
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status != 0) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
/* eventlog_OpenBackupEventLogW request stub: the four [in] elements in IDL
 * order (unknown0, logname, unknown2, unknown3), each followed by the
 * deferred-pointer pass PIDL emits after every top-level element.
 * Returns the new offset. */
static int
eventlog_dissect_OpenBackupEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  static int (*const in_elements[])(tvbuff_t *, int, packet_info *, proto_tree *, dcerpc_info *, uint8_t *) = {
    eventlog_dissect_element_OpenBackupEventLogW_unknown0,
    eventlog_dissect_element_OpenBackupEventLogW_logname,
    eventlog_dissect_element_OpenBackupEventLogW_unknown2,
    eventlog_dissect_element_OpenBackupEventLogW_unknown3,
  };

  di->dcerpc_procedure_name="OpenBackupEventLogW";
  for (size_t i = 0; i < sizeof in_elements / sizeof in_elements[0]; i++) {
    offset = in_elements[i](tvb, offset, pinfo, tree, di, drep);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
  }
  return offset;
}
/* [in] [ref] policy_handle *handle of eventlog_ReadEventLogW: top-level ref
 * pointer; the handle itself is decoded by ..._ReadEventLogW_handle_. */
static int
eventlog_dissect_element_ReadEventLogW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_ReadEventLogW_handle_,
                                      NDR_POINTER_REF,
                                      "Pointer to Handle (policy_handle)",
                                      hf_eventlog_eventlog_ReadEventLogW_handle);
}
/* Pointee of [in] handle: an existing policy handle (flags 0). */
static int
eventlog_dissect_element_ReadEventLogW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_eventlog_eventlog_ReadEventLogW_handle, 0);
}
/* [in] eventlogReadFlags flags: decoded as the eventlogReadFlags bitmap
 * (sequential/seek, forwards/backwards read). */
static int
eventlog_dissect_element_ReadEventLogW_flags(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return eventlog_dissect_bitmap_eventlogReadFlags(tvb, offset, pinfo, tree, di, drep,
                                                   hf_eventlog_eventlog_ReadEventLogW_flags, 0);
}
/* [in] uint32 offset of eventlog_ReadEventLogW (the record offset to read
 * from; distinct from the tvb offset this function returns). */
static int
eventlog_dissect_element_ReadEventLogW_offset(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ReadEventLogW_offset, 0);
}
/* [in] uint32 number_of_bytes: the client-supplied buffer size, which the
 * IDL uses as size_is() for the [out] data array. It is only decoded here;
 * bounding the [out] array against it is the job of the data element
 * dissector and the tvb layer. */
static int
eventlog_dissect_element_ReadEventLogW_number_of_bytes(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ReadEventLogW_number_of_bytes, 0);
}
/* [out] [ref] [size_is(number_of_bytes)] uint8 *data: top-level ref pointer
 * to the returned record bytes; the array body is decoded by
 * ..._ReadEventLogW_data_ (defined elsewhere in this file). */
static int
eventlog_dissect_element_ReadEventLogW_data(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_ReadEventLogW_data_,
                                      NDR_POINTER_REF,
                                      "Pointer to Data (uint8)",
                                      hf_eventlog_eventlog_ReadEventLogW_data);
}
/* [out] [ref] uint32 *sent_size: top-level ref pointer; the value is
 * decoded by ..._ReadEventLogW_sent_size_. */
static int
eventlog_dissect_element_ReadEventLogW_sent_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_ReadEventLogW_sent_size_,
                                      NDR_POINTER_REF,
                                      "Pointer to Sent Size (uint32)",
                                      hf_eventlog_eventlog_ReadEventLogW_sent_size);
}
/* Pointee of [out] sent_size: a plain NDR uint32 (bytes actually returned). */
static int
eventlog_dissect_element_ReadEventLogW_sent_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ReadEventLogW_sent_size, 0);
}
/* [out] [ref] uint32 *real_size: top-level ref pointer; the value is
 * decoded by ..._ReadEventLogW_real_size_. */
static int
eventlog_dissect_element_ReadEventLogW_real_size(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_ReadEventLogW_real_size_,
                                      NDR_POINTER_REF,
                                      "Pointer to Real Size (uint32)",
                                      hf_eventlog_eventlog_ReadEventLogW_real_size);
}
/* Pointee of [out] real_size: a plain NDR uint32 (size the next record
 * would need, per the protocol's usual meaning of this field). */
static int
eventlog_dissect_element_ReadEventLogW_real_size_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ReadEventLogW_real_size, 0);
}
/* IDL: NTSTATUS eventlog_ReadEventLogW( */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [in] eventlogReadFlags flags, */
/* IDL: [in] uint32 offset, */
/* IDL: [in] uint32 number_of_bytes, */
/* IDL: [out] [ref] [size_is(number_of_bytes)] uint8 *data, */
/* IDL: [out] [ref] uint32 *sent_size, */
/* IDL: [out] [ref] uint32 *real_size */
/* IDL: ); */
/* eventlog_ReadEventLogW response stub: the three [out] elements in IDL
 * order (data, sent_size, real_size), each followed by the deferred-pointer
 * pass, then the trailing NTSTATUS; a non-zero status is appended to the
 * Info column. Returns the new offset. */
static int
eventlog_dissect_ReadEventLogW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  static int (*const out_elements[])(tvbuff_t *, int, packet_info *, proto_tree *, dcerpc_info *, uint8_t *) = {
    eventlog_dissect_element_ReadEventLogW_data,
    eventlog_dissect_element_ReadEventLogW_sent_size,
    eventlog_dissect_element_ReadEventLogW_real_size,
  };
  uint32_t status = 0;

  di->dcerpc_procedure_name="ReadEventLogW";
  for (size_t i = 0; i < sizeof out_elements / sizeof out_elements[0]; i++) {
    offset = out_elements[i](tvb, offset, pinfo, tree, di, drep);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
  }

  /* NTSTATUS return value */
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status != 0) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
/* eventlog_ReadEventLogW request stub: the four [in] elements in IDL order
 * (handle, flags, offset, number_of_bytes), each followed by the
 * deferred-pointer pass PIDL emits after every top-level element.
 * Returns the new offset. */
static int
eventlog_dissect_ReadEventLogW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  static int (*const in_elements[])(tvbuff_t *, int, packet_info *, proto_tree *, dcerpc_info *, uint8_t *) = {
    eventlog_dissect_element_ReadEventLogW_handle,
    eventlog_dissect_element_ReadEventLogW_flags,
    eventlog_dissect_element_ReadEventLogW_offset,
    eventlog_dissect_element_ReadEventLogW_number_of_bytes,
  };

  di->dcerpc_procedure_name="ReadEventLogW";
  for (size_t i = 0; i < sizeof in_elements / sizeof in_elements[0]; i++) {
    offset = in_elements[i](tvb, offset, pinfo, tree, di, drep);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
  }
  return offset;
}
/* [in] [ref] policy_handle *handle of eventlog_ReportEventW: top-level ref
 * pointer; the handle itself is decoded by ..._ReportEventW_handle_. */
static int
eventlog_dissect_element_ReportEventW_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_ReportEventW_handle_,
                                      NDR_POINTER_REF,
                                      "Pointer to Handle (policy_handle)",
                                      hf_eventlog_eventlog_ReportEventW_handle);
}
/* Pointee of [in] handle: an existing policy handle (flags 0). */
static int
eventlog_dissect_element_ReportEventW_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_eventlog_eventlog_ReportEventW_handle, 0);
}
/* [in] uint32 time of eventlog_ReportEventW: decoded as a raw uint32, not
 * as an absolute time, because that is how the IDL declares it. */
static int
eventlog_dissect_element_ReportEventW_time(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ReportEventW_time, 0);
}
/* [in] eventlogEventTypes Type: decoded as the eventlogEventTypes bitmap
 * (error/warning/information/audit success/audit failure). */
static int
eventlog_dissect_element_ReportEventW_Type(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return eventlog_dissect_bitmap_eventlogEventTypes(tvb, offset, pinfo, tree, di, drep,
                                                    hf_eventlog_eventlog_ReportEventW_Type, 0);
}
/* [in] uint16 event_category of eventlog_ReportEventW. */
static int
eventlog_dissect_element_ReportEventW_event_category(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ReportEventW_event_category, 0);
}
/* [in] uint32 event_id of eventlog_ReportEventW. */
static int
eventlog_dissect_element_ReportEventW_event_id(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ReportEventW_event_id, 0);
}
/* [in] uint16 num_of_strings of eventlog_ReportEventW: the client's claimed
 * count of insertion strings. Only decoded here; nothing in this stub
 * cross-checks it against any string array. */
static int
eventlog_dissect_element_ReportEventW_num_of_strings(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint16(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ReportEventW_num_of_strings, 0);
}
/* [in] uint32 data_length of eventlog_ReportEventW: the client's claimed
 * length of the event data. Only decoded here; nothing in this stub
 * validates it against any data buffer. */
static int
eventlog_dissect_element_ReportEventW_data_length(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_ReportEventW_data_length, 0);
}
/* [in] lsa_String computer_name of eventlog_ReportEventW: an NDR counted
 * string as supplied by the reporting client. */
static int
eventlog_dissect_element_ReportEventW_computer_name(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_counted_string(tvb, offset, pinfo, tree, di, drep,
                                    hf_eventlog_eventlog_ReportEventW_computer_name, 0);
}
/* IDL: NTSTATUS eventlog_ReportEventW( */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [in] uint32 time, */
/* IDL: [in] eventlogEventTypes Type, */
/* IDL: [in] uint16 event_category, */
/* IDL: [in] uint32 event_id, */
/* IDL: [in] uint16 num_of_strings, */
/* IDL: [in] uint32 data_length, */
/* IDL: [in] lsa_String computer_name */
/* IDL: ); */
/* eventlog_ReportEventW response stub: no [out] elements, only the
 * NTSTATUS; a non-zero status is appended to the Info column. */
static int
eventlog_dissect_ReportEventW_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status = 0;

  di->dcerpc_procedure_name="ReportEventW";

  /* NTSTATUS return value */
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status != 0) {
    col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                    val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  }

  return offset;
}
/*
 * Request side of opnum 11, ReportEventW. The [in] elements are consumed
 * in IDL order; after each one, any pointers that element deferred are
 * dissected before the next element is read.
 */
static int
eventlog_dissect_ReportEventW_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* [in] elements in wire order (see the IDL block above). */
  static int (*const in_elements[])(tvbuff_t *, int, packet_info *, proto_tree *, dcerpc_info *, uint8_t *) = {
    eventlog_dissect_element_ReportEventW_handle,
    eventlog_dissect_element_ReportEventW_time,
    eventlog_dissect_element_ReportEventW_Type,
    eventlog_dissect_element_ReportEventW_event_category,
    eventlog_dissect_element_ReportEventW_event_id,
    eventlog_dissect_element_ReportEventW_num_of_strings,
    eventlog_dissect_element_ReportEventW_data_length,
    eventlog_dissect_element_ReportEventW_computer_name,
  };

  di->dcerpc_procedure_name = "ReportEventW";
  for (size_t i = 0; i < sizeof in_elements / sizeof in_elements[0]; i++) {
    offset = in_elements[i](tvb, offset, pinfo, tree, di, drep);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
  }
  return offset;
}
/* IDL: NTSTATUS eventlog_ClearEventLogA( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 12, ClearEventLogA. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_ClearEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "ClearEventLogA";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 12, ClearEventLogA. The IDL block above declares
 * no parameters, so nothing is consumed: the procedure is named for the
 * summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_ClearEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "ClearEventLogA";
  return offset; /* no [in] elements to dissect */
}
/* IDL: NTSTATUS eventlog_BackupEventLogA( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 13, BackupEventLogA. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_BackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "BackupEventLogA";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 13, BackupEventLogA. The IDL block above declares
 * no parameters, so nothing is consumed: the procedure is named for the
 * summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_BackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "BackupEventLogA";
  return offset; /* no [in] elements to dissect */
}
/* IDL: NTSTATUS eventlog_OpenEventLogA( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 14, OpenEventLogA. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_OpenEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "OpenEventLogA";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 14, OpenEventLogA. The IDL block above declares
 * no parameters, so nothing is consumed: the procedure is named for the
 * summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_OpenEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "OpenEventLogA";
  return offset; /* no [in] elements to dissect */
}
/* IDL: NTSTATUS eventlog_RegisterEventSourceA( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 15, RegisterEventSourceA. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_RegisterEventSourceA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "RegisterEventSourceA";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 15, RegisterEventSourceA. The IDL block above
 * declares no parameters, so nothing is consumed: the procedure is named
 * for the summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_RegisterEventSourceA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "RegisterEventSourceA";
  return offset; /* no [in] elements to dissect */
}
/* IDL: NTSTATUS eventlog_OpenBackupEventLogA( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 16, OpenBackupEventLogA. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_OpenBackupEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "OpenBackupEventLogA";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 16, OpenBackupEventLogA. The IDL block above
 * declares no parameters, so nothing is consumed: the procedure is named
 * for the summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_OpenBackupEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "OpenBackupEventLogA";
  return offset; /* no [in] elements to dissect */
}
/* IDL: NTSTATUS eventlog_ReadEventLogA( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 17, ReadEventLogA. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_ReadEventLogA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "ReadEventLogA";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 17, ReadEventLogA. The IDL block above declares
 * no parameters, so nothing is consumed: the procedure is named for the
 * summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_ReadEventLogA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "ReadEventLogA";
  return offset; /* no [in] elements to dissect */
}
/* IDL: NTSTATUS eventlog_ReportEventA( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 18, ReportEventA. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_ReportEventA_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "ReportEventA";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 18, ReportEventA. The IDL block above declares
 * no parameters, so nothing is consumed: the procedure is named for the
 * summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_ReportEventA_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "ReportEventA";
  return offset; /* no [in] elements to dissect */
}
/* IDL: NTSTATUS eventlog_RegisterClusterSvc( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 19, RegisterClusterSvc. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_RegisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "RegisterClusterSvc";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 19, RegisterClusterSvc. The IDL block above
 * declares no parameters, so nothing is consumed: the procedure is named
 * for the summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_RegisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "RegisterClusterSvc";
  return offset; /* no [in] elements to dissect */
}
/* IDL: NTSTATUS eventlog_DeregisterClusterSvc( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 20, DeregisterClusterSvc. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_DeregisterClusterSvc_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "DeregisterClusterSvc";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 20, DeregisterClusterSvc. The IDL block above
 * declares no parameters, so nothing is consumed: the procedure is named
 * for the summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_DeregisterClusterSvc_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "DeregisterClusterSvc";
  return offset; /* no [in] elements to dissect */
}
/* IDL: NTSTATUS eventlog_WriteClusterEvents( */
/* IDL:  */
/* IDL: ); */

/*
 * Response side of opnum 21, WriteClusterEvents. The IDL declares no
 * parameters, so only the NTSTATUS return value is dissected; a
 * non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_WriteClusterEvents_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "WriteClusterEvents";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 21, WriteClusterEvents. The IDL block above
 * declares no parameters, so nothing is consumed: the procedure is named
 * for the summary and the offset is returned unchanged.
 */
static int
eventlog_dissect_WriteClusterEvents_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "WriteClusterEvents";
  return offset; /* no [in] elements to dissect */
}
/*
 * GetLogInformation.handle ([in] [ref] policy_handle *).
 * Top-level NDR_POINTER_REF pointer; the pointed-to policy handle itself
 * is dissected by eventlog_dissect_element_GetLogInformation_handle_.
 */
static int
eventlog_dissect_element_GetLogInformation_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_GetLogInformation_handle_,
                                      NDR_POINTER_REF,
                                      "Pointer to Handle (policy_handle)",
                                      hf_eventlog_eventlog_GetLogInformation_handle);
}
/*
 * Pointee of GetLogInformation.handle: the policy_handle value itself,
 * recorded under hf_eventlog_eventlog_GetLogInformation_handle.
 */
static int
eventlog_dissect_element_GetLogInformation_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_eventlog_eventlog_GetLogInformation_handle, 0);
}
/*
 * GetLogInformation.dwInfoLevel ([in] uint32).
 * Decodes the information-level selector into
 * hf_eventlog_eventlog_GetLogInformation_dwInfoLevel and returns the offset past it.
 */
static int
eventlog_dissect_element_GetLogInformation_dwInfoLevel(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_GetLogInformation_dwInfoLevel, 0);
}
/*
 * GetLogInformation.lpBuffer ([out] [size_is(cbBufSize)] uint8 lpBuffer[*]).
 * A conformant array: dissect_ndr_ucarray reads the element count and
 * hands each element to eventlog_dissect_element_GetLogInformation_lpBuffer_,
 * which adds one uint8 item per byte (so large buffers yield many items).
 */
static int
eventlog_dissect_element_GetLogInformation_lpBuffer(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_ucarray(tvb, offset, pinfo, tree, di, drep,
                             eventlog_dissect_element_GetLogInformation_lpBuffer_);
}
/*
 * One element of GetLogInformation.lpBuffer: a single uint8 recorded
 * under hf_eventlog_eventlog_GetLogInformation_lpBuffer.
 */
static int
eventlog_dissect_element_GetLogInformation_lpBuffer_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint8(tvb, offset, pinfo, tree, di, drep,
                            hf_eventlog_eventlog_GetLogInformation_lpBuffer, 0);
}
/*
 * GetLogInformation.cbBufSize ([in] uint32).
 * The client-supplied buffer size that size_is() ties lpBuffer to; it is
 * only recorded here, not cross-checked against the response's array count.
 */
static int
eventlog_dissect_element_GetLogInformation_cbBufSize(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_GetLogInformation_cbBufSize, 0);
}
/*
 * GetLogInformation.cbBytesNeeded ([out] [ref] int32 *).
 * Top-level NDR_POINTER_REF pointer; the integer it points at is dissected
 * by eventlog_dissect_element_GetLogInformation_cbBytesNeeded_.
 */
static int
eventlog_dissect_element_GetLogInformation_cbBytesNeeded(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_GetLogInformation_cbBytesNeeded_,
                                      NDR_POINTER_REF,
                                      "Pointer to CbBytesNeeded (int32)",
                                      hf_eventlog_eventlog_GetLogInformation_cbBytesNeeded);
}
/*
 * Pointee of GetLogInformation.cbBytesNeeded. The IDL type is int32; the
 * generated code reads the four bytes with the uint32 helper, and the
 * registered field (hf table below) is FT_INT32, so display is signed.
 */
static int
eventlog_dissect_element_GetLogInformation_cbBytesNeeded_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_uint32(tvb, offset, pinfo, tree, di, drep,
                             hf_eventlog_eventlog_GetLogInformation_cbBytesNeeded, 0);
}
/* IDL: NTSTATUS eventlog_GetLogInformation( */
/* IDL: [in] [ref] policy_handle *handle, */
/* IDL: [in] uint32 dwInfoLevel, */
/* IDL: [out] [size_is(cbBufSize)] uint8 lpBuffer[*], */
/* IDL: [in] uint32 cbBufSize, */
/* IDL: [out] [ref] int32 *cbBytesNeeded */
/* IDL: ); */

/*
 * Response side of opnum 22, GetLogInformation. The two [out] elements
 * (lpBuffer, then cbBytesNeeded) are consumed in IDL order, each followed
 * by its deferred pointer data; the NTSTATUS return value comes last and
 * a non-zero status is echoed into the Info column.
 */
static int
eventlog_dissect_GetLogInformation_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* [out] elements in wire order (see the IDL block above). */
  static int (*const out_elements[])(tvbuff_t *, int, packet_info *, proto_tree *, dcerpc_info *, uint8_t *) = {
    eventlog_dissect_element_GetLogInformation_lpBuffer,
    eventlog_dissect_element_GetLogInformation_cbBytesNeeded,
  };
  uint32_t status;

  di->dcerpc_procedure_name = "GetLogInformation";
  for (size_t i = 0; i < sizeof out_elements / sizeof out_elements[0]; i++) {
    offset = out_elements[i](tvb, offset, pinfo, tree, di, drep);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
  }

  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 22, GetLogInformation. The [in] elements
 * (handle, dwInfoLevel, cbBufSize) are consumed in IDL order, each
 * followed by its deferred pointer data.
 */
static int
eventlog_dissect_GetLogInformation_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  /* [in] elements in wire order (see the IDL block above). */
  static int (*const in_elements[])(tvbuff_t *, int, packet_info *, proto_tree *, dcerpc_info *, uint8_t *) = {
    eventlog_dissect_element_GetLogInformation_handle,
    eventlog_dissect_element_GetLogInformation_dwInfoLevel,
    eventlog_dissect_element_GetLogInformation_cbBufSize,
  };

  di->dcerpc_procedure_name = "GetLogInformation";
  for (size_t i = 0; i < sizeof in_elements / sizeof in_elements[0]; i++) {
    offset = in_elements[i](tvb, offset, pinfo, tree, di, drep);
    offset = dissect_deferred_pointers(pinfo, tvb, offset, di, drep);
  }
  return offset;
}
/*
 * FlushEventLog.handle ([in] [ref] policy_handle *).
 * Top-level NDR_POINTER_REF pointer; the pointed-to policy handle itself
 * is dissected by eventlog_dissect_element_FlushEventLog_handle_.
 */
static int
eventlog_dissect_element_FlushEventLog_handle(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return dissect_ndr_toplevel_pointer(tvb, offset, pinfo, tree, di, drep,
                                      eventlog_dissect_element_FlushEventLog_handle_,
                                      NDR_POINTER_REF,
                                      "Pointer to Handle (policy_handle)",
                                      hf_eventlog_eventlog_FlushEventLog_handle);
}
/*
 * Pointee of FlushEventLog.handle: the policy_handle value itself,
 * recorded under hf_eventlog_eventlog_FlushEventLog_handle.
 */
static int
eventlog_dissect_element_FlushEventLog_handle_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  return PIDL_dissect_policy_hnd(tvb, offset, pinfo, tree, di, drep,
                                 hf_eventlog_eventlog_FlushEventLog_handle, 0);
}
/* IDL: NTSTATUS eventlog_FlushEventLog( */
/* IDL: [in] [ref] policy_handle *handle */
/* IDL: ); */

/*
 * Response side of opnum 23, FlushEventLog. The only IDL parameter is
 * [in], so just the NTSTATUS return value is dissected; a non-zero
 * status is echoed into the Info column.
 */
static int
eventlog_dissect_FlushEventLog_response(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  uint32_t status;

  di->dcerpc_procedure_name = "FlushEventLog";
  offset = dissect_ntstatus(tvb, offset, pinfo, tree, di, drep, hf_eventlog_status, &status);
  if (status == 0) {
    return offset;
  }

  /* Failure path: annotate the summary line with the symbolic NT status. */
  col_append_fstr(pinfo->cinfo, COL_INFO, ", Error: %s",
                  val_to_str_ext(status, &NT_errors_ext, "Unknown NT status 0x%08x"));
  return offset;
}
/*
 * Request side of opnum 23, FlushEventLog. The single [in] element is
 * the [ref] policy_handle; its deferred pointer data is dissected
 * immediately after it.
 */
static int
eventlog_dissect_FlushEventLog_request(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, dcerpc_info* di _U_, uint8_t *drep _U_)
{
  di->dcerpc_procedure_name = "FlushEventLog";

  int after_handle = eventlog_dissect_element_FlushEventLog_handle(tvb, offset, pinfo, tree, di, drep);
  return dissect_deferred_pointers(pinfo, tvb, after_handle, di, drep);
}
/*
 * Opnum -> (name, request dissector, response dissector) table for the
 * eventlog interface, terminated by an all-NULL sentinel. Opnums 12-21
 * (the *A variants and the cluster-service calls) have empty IDL bodies
 * in this file, so their request dissectors consume nothing.
 */
static const dcerpc_sub_dissector eventlog_dissectors[] = {
  {  0, "ClearEventLogW",        eventlog_dissect_ClearEventLogW_request,        eventlog_dissect_ClearEventLogW_response        },
  {  1, "BackupEventLogW",       eventlog_dissect_BackupEventLogW_request,       eventlog_dissect_BackupEventLogW_response       },
  {  2, "CloseEventLog",         eventlog_dissect_CloseEventLog_request,         eventlog_dissect_CloseEventLog_response         },
  {  3, "DeregisterEventSource", eventlog_dissect_DeregisterEventSource_request, eventlog_dissect_DeregisterEventSource_response },
  {  4, "GetNumRecords",         eventlog_dissect_GetNumRecords_request,         eventlog_dissect_GetNumRecords_response         },
  {  5, "GetOldestRecord",       eventlog_dissect_GetOldestRecord_request,       eventlog_dissect_GetOldestRecord_response       },
  {  6, "ChangeNotify",          eventlog_dissect_ChangeNotify_request,          eventlog_dissect_ChangeNotify_response          },
  {  7, "OpenEventLogW",         eventlog_dissect_OpenEventLogW_request,         eventlog_dissect_OpenEventLogW_response         },
  {  8, "RegisterEventSourceW",  eventlog_dissect_RegisterEventSourceW_request,  eventlog_dissect_RegisterEventSourceW_response  },
  {  9, "OpenBackupEventLogW",   eventlog_dissect_OpenBackupEventLogW_request,   eventlog_dissect_OpenBackupEventLogW_response   },
  { 10, "ReadEventLogW",         eventlog_dissect_ReadEventLogW_request,         eventlog_dissect_ReadEventLogW_response         },
  { 11, "ReportEventW",          eventlog_dissect_ReportEventW_request,          eventlog_dissect_ReportEventW_response          },
  { 12, "ClearEventLogA",        eventlog_dissect_ClearEventLogA_request,        eventlog_dissect_ClearEventLogA_response        },
  { 13, "BackupEventLogA",       eventlog_dissect_BackupEventLogA_request,       eventlog_dissect_BackupEventLogA_response       },
  { 14, "OpenEventLogA",         eventlog_dissect_OpenEventLogA_request,         eventlog_dissect_OpenEventLogA_response         },
  { 15, "RegisterEventSourceA",  eventlog_dissect_RegisterEventSourceA_request,  eventlog_dissect_RegisterEventSourceA_response  },
  { 16, "OpenBackupEventLogA",   eventlog_dissect_OpenBackupEventLogA_request,   eventlog_dissect_OpenBackupEventLogA_response   },
  { 17, "ReadEventLogA",         eventlog_dissect_ReadEventLogA_request,         eventlog_dissect_ReadEventLogA_response         },
  { 18, "ReportEventA",          eventlog_dissect_ReportEventA_request,          eventlog_dissect_ReportEventA_response          },
  { 19, "RegisterClusterSvc",    eventlog_dissect_RegisterClusterSvc_request,    eventlog_dissect_RegisterClusterSvc_response    },
  { 20, "DeregisterClusterSvc",  eventlog_dissect_DeregisterClusterSvc_request,  eventlog_dissect_DeregisterClusterSvc_response  },
  { 21, "WriteClusterEvents",    eventlog_dissect_WriteClusterEvents_request,    eventlog_dissect_WriteClusterEvents_response    },
  { 22, "GetLogInformation",     eventlog_dissect_GetLogInformation_request,     eventlog_dissect_GetLogInformation_response     },
  { 23, "FlushEventLog",         eventlog_dissect_FlushEventLog_request,         eventlog_dissect_FlushEventLog_response         },
  /* sentinel: end of table */
  {  0, NULL, NULL, NULL }
};
void proto_register_dcerpc_eventlog(void)
2173
14
{
2174
14
  static hf_register_info hf[] = {
2175
14
  { &hf_eventlog_Record,
2176
14
    { "Record", "eventlog.Record", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2177
14
  { &hf_eventlog_Record_computer_name,
2178
14
    { "Computer Name", "eventlog.Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2179
14
  { &hf_eventlog_Record_length,
2180
14
    { "Record Length", "eventlog.Record.length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2181
14
  { &hf_eventlog_Record_source_name,
2182
14
    { "Source Name", "eventlog.Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2183
14
  { &hf_eventlog_Record_string,
2184
14
    { "string", "eventlog.Record.string", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2185
14
  { &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_FAILURE,
2186
14
    { "EVENTLOG AUDIT FAILURE", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_FAILURE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_FAILURE_tfs), ( 0x00000010 ), NULL, HFILL }},
2187
14
  { &hf_eventlog_eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS,
2188
14
    { "EVENTLOG AUDIT SUCCESS", "eventlog.eventlogEventTypes.EVENTLOG_AUDIT_SUCCESS", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_AUDIT_SUCCESS_tfs), ( 0x00000008 ), NULL, HFILL }},
2189
14
  { &hf_eventlog_eventlogEventTypes_EVENTLOG_ERROR_TYPE,
2190
14
    { "EVENTLOG ERROR TYPE", "eventlog.eventlogEventTypes.EVENTLOG_ERROR_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_ERROR_TYPE_tfs), ( 0x00000001 ), NULL, HFILL }},
2191
14
  { &hf_eventlog_eventlogEventTypes_EVENTLOG_INFORMATION_TYPE,
2192
14
    { "EVENTLOG INFORMATION TYPE", "eventlog.eventlogEventTypes.EVENTLOG_INFORMATION_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_INFORMATION_TYPE_tfs), ( 0x00000004 ), NULL, HFILL }},
2193
14
  { &hf_eventlog_eventlogEventTypes_EVENTLOG_WARNING_TYPE,
2194
14
    { "EVENTLOG WARNING TYPE", "eventlog.eventlogEventTypes.EVENTLOG_WARNING_TYPE", FT_BOOLEAN, 32, TFS(&eventlogEventTypes_EVENTLOG_WARNING_TYPE_tfs), ( 0x00000002 ), NULL, HFILL }},
2195
14
  { &hf_eventlog_eventlogReadFlags_EVENTLOG_BACKWARDS_READ,
2196
14
    { "EVENTLOG BACKWARDS READ", "eventlog.eventlogReadFlags.EVENTLOG_BACKWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_BACKWARDS_READ_tfs), ( 0x00000008 ), NULL, HFILL }},
2197
14
  { &hf_eventlog_eventlogReadFlags_EVENTLOG_FORWARDS_READ,
2198
14
    { "EVENTLOG FORWARDS READ", "eventlog.eventlogReadFlags.EVENTLOG_FORWARDS_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_FORWARDS_READ_tfs), ( 0x00000004 ), NULL, HFILL }},
2199
14
  { &hf_eventlog_eventlogReadFlags_EVENTLOG_SEEK_READ,
2200
14
    { "EVENTLOG SEEK READ", "eventlog.eventlogReadFlags.EVENTLOG_SEEK_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEEK_READ_tfs), ( 0x00000002 ), NULL, HFILL }},
2201
14
  { &hf_eventlog_eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ,
2202
14
    { "EVENTLOG SEQUENTIAL READ", "eventlog.eventlogReadFlags.EVENTLOG_SEQUENTIAL_READ", FT_BOOLEAN, 32, TFS(&eventlogReadFlags_EVENTLOG_SEQUENTIAL_READ_tfs), ( 0x00000001 ), NULL, HFILL }},
2203
14
  { &hf_eventlog_eventlog_BackupEventLogW_backupfilename,
2204
14
    { "Backupfilename", "eventlog.eventlog_BackupEventLogW.backupfilename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2205
14
  { &hf_eventlog_eventlog_BackupEventLogW_handle,
2206
14
    { "Handle", "eventlog.eventlog_BackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2207
14
  { &hf_eventlog_eventlog_ChangeNotify_handle,
2208
14
    { "Handle", "eventlog.eventlog_ChangeNotify.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2209
14
  { &hf_eventlog_eventlog_ChangeNotify_unknown2,
2210
14
    { "Unknown2", "eventlog.eventlog_ChangeNotify.unknown2", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2211
14
  { &hf_eventlog_eventlog_ChangeNotify_unknown3,
2212
14
    { "Unknown3", "eventlog.eventlog_ChangeNotify.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2213
14
  { &hf_eventlog_eventlog_ChangeUnknown0_unknown0,
2214
14
    { "Unknown0", "eventlog.eventlog_ChangeUnknown0.unknown0", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2215
14
  { &hf_eventlog_eventlog_ChangeUnknown0_unknown1,
2216
14
    { "Unknown1", "eventlog.eventlog_ChangeUnknown0.unknown1", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2217
14
  { &hf_eventlog_eventlog_ClearEventLogW_backupfilename,
2218
14
    { "Backupfilename", "eventlog.eventlog_ClearEventLogW.backupfilename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2219
14
  { &hf_eventlog_eventlog_ClearEventLogW_handle,
2220
14
    { "Handle", "eventlog.eventlog_ClearEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2221
14
  { &hf_eventlog_eventlog_CloseEventLog_handle,
2222
14
    { "Handle", "eventlog.eventlog_CloseEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2223
14
  { &hf_eventlog_eventlog_DeregisterEventSource_handle,
2224
14
    { "Handle", "eventlog.eventlog_DeregisterEventSource.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2225
14
  { &hf_eventlog_eventlog_FlushEventLog_handle,
2226
14
    { "Handle", "eventlog.eventlog_FlushEventLog.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2227
14
  { &hf_eventlog_eventlog_GetLogInformation_cbBufSize,
2228
14
    { "CbBufSize", "eventlog.eventlog_GetLogInformation.cbBufSize", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2229
14
  { &hf_eventlog_eventlog_GetLogInformation_cbBytesNeeded,
2230
14
    { "CbBytesNeeded", "eventlog.eventlog_GetLogInformation.cbBytesNeeded", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2231
14
  { &hf_eventlog_eventlog_GetLogInformation_dwInfoLevel,
2232
14
    { "DwInfoLevel", "eventlog.eventlog_GetLogInformation.dwInfoLevel", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2233
14
  { &hf_eventlog_eventlog_GetLogInformation_handle,
2234
14
    { "Handle", "eventlog.eventlog_GetLogInformation.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2235
14
  { &hf_eventlog_eventlog_GetLogInformation_lpBuffer,
2236
14
    { "LpBuffer", "eventlog.eventlog_GetLogInformation.lpBuffer", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
2237
14
  { &hf_eventlog_eventlog_GetNumRecords_handle,
2238
14
    { "Handle", "eventlog.eventlog_GetNumRecords.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2239
14
  { &hf_eventlog_eventlog_GetNumRecords_number,
2240
14
    { "Number", "eventlog.eventlog_GetNumRecords.number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2241
14
  { &hf_eventlog_eventlog_GetOldestRecord_handle,
2242
14
    { "Handle", "eventlog.eventlog_GetOldestRecord.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2243
14
  { &hf_eventlog_eventlog_GetOldestRecord_oldest,
2244
14
    { "Oldest", "eventlog.eventlog_GetOldestRecord.oldest", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2245
14
  { &hf_eventlog_eventlog_OpenBackupEventLogW_handle,
2246
14
    { "Handle", "eventlog.eventlog_OpenBackupEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2247
14
  { &hf_eventlog_eventlog_OpenBackupEventLogW_logname,
2248
14
    { "Logname", "eventlog.eventlog_OpenBackupEventLogW.logname", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2249
14
  { &hf_eventlog_eventlog_OpenBackupEventLogW_unknown0,
2250
14
    { "Unknown0", "eventlog.eventlog_OpenBackupEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2251
14
  { &hf_eventlog_eventlog_OpenBackupEventLogW_unknown2,
2252
14
    { "Unknown2", "eventlog.eventlog_OpenBackupEventLogW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2253
14
  { &hf_eventlog_eventlog_OpenBackupEventLogW_unknown3,
2254
14
    { "Unknown3", "eventlog.eventlog_OpenBackupEventLogW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2255
14
  { &hf_eventlog_eventlog_OpenEventLogW_MajorVersion,
2256
14
    { "MajorVersion", "eventlog.eventlog_OpenEventLogW.MajorVersion", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2257
14
  { &hf_eventlog_eventlog_OpenEventLogW_MinorVersion,
2258
14
    { "MinorVersion", "eventlog.eventlog_OpenEventLogW.MinorVersion", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2259
14
  { &hf_eventlog_eventlog_OpenEventLogW_Module,
2260
14
    { "Module", "eventlog.eventlog_OpenEventLogW.Module", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2261
14
  { &hf_eventlog_eventlog_OpenEventLogW_RegModuleName,
2262
14
    { "RegModuleName", "eventlog.eventlog_OpenEventLogW.RegModuleName", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
2263
14
  { &hf_eventlog_eventlog_OpenEventLogW_handle,
2264
14
    { "Handle", "eventlog.eventlog_OpenEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2265
14
  { &hf_eventlog_eventlog_OpenEventLogW_unknown0,
2266
14
    { "Unknown0", "eventlog.eventlog_OpenEventLogW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
2267
14
  { &hf_eventlog_eventlog_OpenUnknown0_unknown0,
2268
14
    { "Unknown0", "eventlog.eventlog_OpenUnknown0.unknown0", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2269
14
  { &hf_eventlog_eventlog_OpenUnknown0_unknown1,
2270
14
    { "Unknown1", "eventlog.eventlog_OpenUnknown0.unknown1", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
2271
14
  { &hf_eventlog_eventlog_ReadEventLogW_data,
2272
14
    { "Data", "eventlog.eventlog_ReadEventLogW.data", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL }},
2273
14
  { &hf_eventlog_eventlog_ReadEventLogW_flags,
2274
14
    { "Flags", "eventlog.eventlog_ReadEventLogW.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
2275
14
  { &hf_eventlog_eventlog_ReadEventLogW_handle,
2276
14
    { "Handle", "eventlog.eventlog_ReadEventLogW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
2277
14
  { &hf_eventlog_eventlog_ReadEventLogW_number_of_bytes,
2278
14
    { "Number Of Bytes", "eventlog.eventlog_ReadEventLogW.number_of_bytes", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
2279
14
  { &hf_eventlog_eventlog_ReadEventLogW_offset,
2280
14
    { "Offset", "eventlog.eventlog_ReadEventLogW.offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReadEventLogW_real_size,
    { "Real Size", "eventlog.eventlog_ReadEventLogW.real_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReadEventLogW_sent_size,
    { "Sent Size", "eventlog.eventlog_ReadEventLogW.sent_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_closing_record_number,
    { "Closing Record Number", "eventlog.eventlog_Record.closing_record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_computer_name,
    { "Computer Name", "eventlog.eventlog_Record.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_data_length,
    { "Data Length", "eventlog.eventlog_Record.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_data_offset,
    { "Data Offset", "eventlog.eventlog_Record.data_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_event_category,
    { "Event Category", "eventlog.eventlog_Record.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_event_id,
    { "Event Id", "eventlog.eventlog_Record.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_event_type,
    { "Event Type", "eventlog.eventlog_Record.event_type", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_num_of_strings,
    { "Num Of Strings", "eventlog.eventlog_Record.num_of_strings", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_raw_data,
    { "Raw Data", "eventlog.eventlog_Record.raw_data", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_record_number,
    { "Record Number", "eventlog.eventlog_Record.record_number", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_reserved,
    { "Reserved", "eventlog.eventlog_Record.reserved", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_reserved_flags,
    { "Reserved Flags", "eventlog.eventlog_Record.reserved_flags", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_sid_length,
    { "Sid Length", "eventlog.eventlog_Record.sid_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_sid_offset,
    { "Sid Offset", "eventlog.eventlog_Record.sid_offset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_size,
    { "Size", "eventlog.eventlog_Record.size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_source_name,
    { "Source Name", "eventlog.eventlog_Record.source_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_stringoffset,
    { "Stringoffset", "eventlog.eventlog_Record.stringoffset", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_strings,
    { "Strings", "eventlog.eventlog_Record.strings", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_time_generated,
    { "Time Generated", "eventlog.eventlog_Record.time_generated", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_Record_time_written,
    { "Time Written", "eventlog.eventlog_Record.time_written", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_RegisterEventSourceW_handle,
    { "Handle", "eventlog.eventlog_RegisterEventSourceW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_RegisterEventSourceW_logname,
    { "Logname", "eventlog.eventlog_RegisterEventSourceW.logname", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_RegisterEventSourceW_servername,
    { "Servername", "eventlog.eventlog_RegisterEventSourceW.servername", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_RegisterEventSourceW_unknown0,
    { "Unknown0", "eventlog.eventlog_RegisterEventSourceW.unknown0", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_RegisterEventSourceW_unknown2,
    { "Unknown2", "eventlog.eventlog_RegisterEventSourceW.unknown2", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_RegisterEventSourceW_unknown3,
    { "Unknown3", "eventlog.eventlog_RegisterEventSourceW.unknown3", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReportEventW_Type,
    { "Type", "eventlog.eventlog_ReportEventW.Type", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReportEventW_computer_name,
    { "Computer Name", "eventlog.eventlog_ReportEventW.computer_name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReportEventW_data_length,
    { "Data Length", "eventlog.eventlog_ReportEventW.data_length", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReportEventW_event_category,
    { "Event Category", "eventlog.eventlog_ReportEventW.event_category", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReportEventW_event_id,
    { "Event Id", "eventlog.eventlog_ReportEventW.event_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReportEventW_handle,
    { "Handle", "eventlog.eventlog_ReportEventW.handle", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReportEventW_num_of_strings,
    { "Num Of Strings", "eventlog.eventlog_ReportEventW.num_of_strings", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_eventlog_ReportEventW_time,
    { "Time", "eventlog.eventlog_ReportEventW.time", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_opnum,
    { "Operation", "eventlog.opnum", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL }},
  { &hf_eventlog_status,
    { "NT Error", "eventlog.status", FT_UINT32, BASE_HEX|BASE_EXT_STRING, &NT_errors_ext, 0, NULL, HFILL }},
  };
  static int *ett[] = {
    &ett_dcerpc_eventlog,
    &ett_eventlog_eventlogReadFlags,
    &ett_eventlog_eventlogEventTypes,
    &ett_eventlog_eventlog_OpenUnknown0,
    &ett_eventlog_eventlog_Record,
    &ett_eventlog_eventlog_ChangeUnknown0,
  };
  proto_dcerpc_eventlog = proto_register_protocol("Event Logger", "EVENTLOG", "eventlog");
  proto_register_field_array(proto_dcerpc_eventlog, hf, array_length (hf));
  proto_register_subtree_array(ett, array_length(ett));
}
void proto_reg_handoff_dcerpc_eventlog(void)
{
  /*
   * Handoff step for the EVENTLOG DCE/RPC interface: bind the interface
   * UUID/version pair, the per-opnum dissector table and the opnum header
   * field to proto_dcerpc_eventlog under its own subtree. What
   * dcerpc_init_uuid does with these beyond registration is defined in
   * packet-dcerpc.c, not here.
   */
  dcerpc_init_uuid(proto_dcerpc_eventlog,
                   ett_dcerpc_eventlog,
                   &uuid_dcerpc_eventlog,
                   ver_dcerpc_eventlog,
                   eventlog_dissectors,
                   hf_eventlog_opnum);
}